Home :: Blogs :: netrom's blog

Secure storage of passwords on portable drive

By netrom - Posted on August 23rd, 2009
Tagged:  

Last Thursday i got my Free Software Foundation (FSF) membership card, which is a credit card sized USB drive. It looks like the following:

Keydisk

As I got together with a friend an idea formed. The idea of storing passwords and other key files on a portable drive in encrypted state. But it would have to be easy to manage the keys and it should be possible to decrypt and use them on "every" system (like Linux, Mac OS X, and Windows). We found that the program KeePassX was able to fulfill all of those needs. It is even ported to the above mentioned systems. The Mac OS X binaries were put onto the USB drive and (debian) linux versions for 32 and 64 bit were compiled and put on the card as well. As for the Windows version we didn't take the KeePassX version. No, instead we took the original, KeePass, which KeePassX is actually ported from. Another cool feature of KeePassX is that you can attach files to the entries of the database. Thereby giving the possibility of saving SSH keys, PGP keys etc. in there as well. Another cool feature is that when you copy a password or a username to the clipboard (by a button so that you don't have to see the actual data yourself), then you can configure it to remove it again after a specified time, say 10 seconds for instance. Or to lock the database after a specified time as well.. But one of the most neat features is the Auto-Type, as they call it. Often you have to place the cursor in the username field, insert, tab to the password field, insert, and press enter. What if you could automate that process instead? You can by writing the following in the comment field:

Auto-Type: {USERNAME} {TAB} {PASSWORD} {ENTER}

Then when you put your cursor in the username field and select the correct entry in the database and click Control-V, it will do those specified actions for you. Awesome, I think. But right now it does not work for Mac.. It will come, I hope.

What was missing at this point was to generate a password database and put in on the disk. I generated a 28 character master password for the protection of the database, which btw. uses AES for encryption (256 bit). The disk was tested on the given systems and it worked like a charm!

It is important to notice that there is now a single point of failure, but as the master password is 28 characters long and only stored in my head i would argue that this solution is secure enough.