05:09 pm, 10 Jul 06
password management
I was talking to dan_erat about password management, and it occurred to me to ask about it here.
I'd like to store passwords for websites and for other apps (my canonical example is that I have multiple programs that want to log into LJ, each managing a separate copy of my password) in the same place. There are a few nice programs that facilitate a database protected by a passphrase and make it easy to copy and paste (one cool thing about stuff like pwsafe is that it can clear the clipboard after you paste once), but what I really want is some sort of backend daemon these apps could request passwords from.
OS X has Keychain. (Here's a thread on WinXP's equivalent.) Two questions:
- Is there something similar for Linux?
- Should these sorts of programs make me pretty worried about security? Like, if my web browser can query Keychain, I'm depending on Keychain to properly return only the proper passwords. Would adding something like "process [foo] is requesting a password" make it more secure, or is that just a false sense of security?
So just use the name of your cat or something for everything in category B. Nobody will ever go to the effort to crack it, and if they do, you won't really care.
Me, I've got a couple of dozen things in category A, and the Keychain's a fine and private place for them.
I think the Keychain's pretty great. It's also well integrated into the higher-level networking APIs, so if you use, say, NSURLRequest to fetch an http: URL that's protected by HTTP auth, the password will be transparently fetched from the keychain for you by default.
in KDE...
... there is kdewallet. Pretty much the same thing.