Passwords! - It seems like every web site or service requires you to have a password, and if your being diligent and creating a unique password for each site, then sooner or later you are going to require a process for securely managing all your account details.
In today’s video, I am going to demonstrate the approach I take, which I hope you’ll find useful. There a several programs available, allowing you to manage your passwords using a nice graphical user interface, but I wanted a command line solution, as ultimately I want to store my master password file on a Linux server, so I can access it from any computer over SSH
Here I have my master password file, which is just a plain text file. If I open the file in a text editor you can see how I structure it’s contents. Basically I have three columns, the first being the web site or service, the second being the username used, the final column is the password for that account. You can see I have two YouTube accounts in here, and it doesn’t matter that these are not stored together in the file, just append new account details to the end as you create them. The reason will become apparent when I show you how to look up a password.
OK, now we have our master password file, we need to encrypt it, so that if our computer is stolen or lost, our account details won’t fall into the wrong hands. I use the ccrypt command line utility, which uses the very strong Rijndael encryption algorithm. This utility should be available in most Linux distributions, but if it isn’t there are pre-compiled binaries available from the web site.
One you have ccrypt installed, use the ccencrypt command, with a space, followed by the filename you want to encrypt. You will be prompted to enter an encryption key, which will become the master pass phrase to access the file in the future. The longer the pass phrase you use the better the security will be. After entering your chosen pass phrase, you will be prompted to enter it again, so the software can verify you entered it correctly.
After the file has been encrypted, the software appends .cpt to the end of your filename, as a visual reminder that the file is in fact encrypted. If I open this file in a text editor, you can see that the contents are totally unreadable.
Let’s assume I have forgotten either a username or password used for a given site. I can use the ccat command, which will decrypt the file supplied and output the contents to the screen. You will have to enter your master pass phrase before ccat will decrypt the file.
However, if your master password file contains hundreds of passwords, then you can use grep to search for a particular web site or service. So lets try searching for my YouTube passwords, by appending the pipe character, followed by grep and the word YouTube to the previous command. There you go, grep has filtered out just the entries I am interested in. I think you’ll agree that makes looking up passwords much easier.
But being lazy that’s still too much to type, so I have assigned the command sequence to an alias on the letter p, so all I need to type to look up a password is p followed by my search criteria, for example twitter. I still get prompted for the master pass phrase, but the output just gives me the information I need.
Finally, if you need to add new account details to you your passwords file, then you must decrypt the contents back to a plain text file, so that you can edit it within your chosen editor. To do this use the ccdecrypt command, passing in the filename and supplying the master pass phrase, what you end up with is the original plain text file.
Paul Bradley is a full time software developer, and while he has to use Windows for work he chooses to use Linux and open source software on all his personal computers. He has been using Linux since 2008 and is currently using Xubuntu and CrunchBang Linux.
This article was first published on 25.10.2010
© copyright 2004–2012
Home † Contact † Colophon † Disclaimer