[Chester LUG] Password manager

Les Pritchard les.pritchard at gmail.com
Wed Jul 18 19:07:08 UTC 2012


Hi Dave,

Thanks for the feedback, it's all appreciated. I can see your point about
people not trusting a website. After some other feedback regarding assuring
provenance to users I'm in the process of changing the online version to
run under an SSL connection. The JavaScript code (yes, it is in that) was
run through an optimiser / obfuscator just whilst I was playing with it.
I'm now thinking about replacing it with the original code and commenting
it up so anyone can read it and see that there's no communication of
passwords going on. Even if I was evil and attempted to collect the
passwords and pins I wouldn't know who they were for or their usernames so
I wouldn't get too far making my millions there :-)

I had thought about a browser extension a while back, but as I never use
any, I promptly forgot about it! I have very limited knowledge of extensions,
but I think I'm right in saying they are JavaScript under the hood. So
porting the code over should be fairly easy (the code for the webpage is
far simpler than the app as it only has to do the basics).

I suppose the next decision would be Firefox or Chrome! Chrome is the most
popular browser after IE, so I think that would be the best target.

Thanks again for the feedback

Les

On 18 July 2012 18:41, David Holden <dh at iucr.org> wrote:

> Hi Les, gave it a try - very nice. But I'd be more likely to use it as an
> extension. The "online" version may be running locally (JavaScript?) but
> I think a user would be more confident he wasn't sharing his account
> password and key if it was an extension.
>
>
> Still the Java app would be very worthwhile for sysadmins to share for
> their daily password needs.
>
>  Cheers,
>
>       Dave.
>
>
> On 18/07/12 12:51, Les Pritchard wrote:
> > Hi Mike,
> >
> > Thanks for your thoughts. My problem was creating (or rather
> > remembering) a new unique pass phrase for each site. If you use some
> > form of pattern, once one is found an attacker would have more
> > information to attempt access to others I own. Using a hardware device
> > like the Yubikey is a nice idea and works well. Personally I wanted
> > something that would work on any system without the need for carrying
> > around additional hardware and would work on all smartphones.
> >
> > Obviously it's all about finding a solution that works for you. You seem
> > to have it cracked with a nice solution. This app was something to solve
> > my own need and hopefully it will help some others too.
> >
> > Thanks for looking
> >
> > Les
> >
> > On 18 July 2012 12:30, Michael Crilly <mrcrilly at gmail.com> wrote:
> >
> >     I'll give it a try at some point, Les. Personally I use a pass
> >     phrase in my head (different ones for each service), combined with a
> >     static string that my Yubikey outputs. Two factor authentication
> >     with a physical aspect seems to be the best solution in my opinion.
> >
> >     - MTC
> >
> >     On 17 Jul 2012, at 13:49, Les Pritchard <les.pritchard at gmail.com> wrote:
> >
> >     > Hi all,
> >     >
> >     > I mentioned at the last LUG meet that I've been working on a small
> >     > password manager app, well it's now available and it would be great if
> >     > some of you could take a look and try it out. The big difference
> >     > between this and the common 'password safe' type system is that this
> >     > tool never saves any passwords, so there's no central location to be
> >     > attacked or lost. It works by creating repeatable passwords for each
> >     > set of variables (your common password, pin and the name of the
> >     > account). Take a look at the website for more information about the
> >     > app and to download a copy - www.passeto.com <http://www.passeto.com>.
> >     >
> >     > There's a desktop app (Linux version of course!) and an online version
> >     > for when you're on the move. I'm going to add some more features in
> >     > the near future and hopefully produce a mobile app.
> >     >
> >     > Please take a look and email directly if you have any questions,
> >     > feedback or feature requests! It's not Open Source (yet) but is free
> >     > for all.
> >     >
> >     > Thanks
> >     >
> >     > Les
> >     >
> >     > _______________________________________________
> >     > Chester mailing list
> >     > Chester at mailman.lug.org.uk <mailto:Chester at mailman.lug.org.uk>
> >     > https://mailman.lug.org.uk/mailman/listinfo/chester
>
> --
> Dr David Holden. (dh at iucr.org)
>
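
The scheme described in the original announcement (a repeatable password made from the common password, the pin and the account name, with nothing stored) is illustrated below. This is an added example, not Passeto's code: the thread does not say how Passeto derives passwords, so PBKDF2-HMAC-SHA256, the field framing, the `example-v1` label, the function names and the sample inputs are all assumptions.

```javascript
// Added illustration; NOT Passeto's algorithm (the thread does not describe it).
const crypto = require('crypto');

// 64 output symbols, so one byte maps to a symbol without modulo bias (256 % 64 === 0).
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// Length-prefix each field so that ("ab", "c") and ("a", "bc") cannot collide.
function frame(...fields) {
  return Buffer.concat(fields.map((f) => {
    const body = Buffer.from(f.normalize('NFKC'), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

// Derive a repeatable per-account password. Nothing is stored or transmitted:
// the same three inputs always produce the same output.
function derivePassword(master, pin, account, length = 16, iterations = 200000) {
  const secret = frame(master, pin);                 // what the user remembers
  const context = account.trim().toLowerCase();      // tolerate casing/whitespace slips
  const salt = frame('example-v1', context);         // per-account salt (label is assumed)
  // Slow KDF: one leaked site password should not make guessing the master cheap.
  const bytes = crypto.pbkdf2Sync(secret, salt, iterations, length, 'sha256');
  return Array.from(bytes, (b) => ALPHABET[b % 64]).join('');
}

// Constructed sample inputs, for demonstration only.
function demo() {
  const a = derivePassword('correct horse', '4821', 'example-mail');
  const b = derivePassword('correct horse', '4821', 'example-bank');
  const again = derivePassword('correct horse', '4821', 'Example-Mail ');
  return { a, b, again };
}

console.log(demo());
```

Because the output is a pure function of the inputs, rotating one account's password means changing an input (for example the account label), and anyone who learns the common password and pin can regenerate every password.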