[ale] How do you store your passwords?

Bob Toxen transam at verysecurelinux.com
Mon Nov 12 16:14:24 EST 2007


The MAJOR problem with that Makefile is that it does NOT destroy
the unencrypted contents of the password file.

The first step is to replace the line reading:

        @$(RM) $(FILEPLAIN)

with:

        @shred -u $(FILEPLAIN)
        @$(RM) $(FILEPLAIN)

The second step is to deal with vi's temporary file and the plain text
file before the vi ":w" (or similar) command is given that causes the
plain text file to be truncated and those blocks containing the plain
text to be put on the free list.  This is non-trivial.

A partial solution to the second step is to change:

        @$(VI) $(FILEPLAIN)

to: 

        @$(VI) -n $(FILEPLAIN)

to disable use of a "vi swap file".  Then, issue the command to vi:

	:set noaw

Finally, before writing out the changed file, issue the vi command:

	:shred %

Third, you need to worry about the xterm window caching.  This can be
done by clicking the following or disabling history on that xterm:

	Edit->Clear History

Fourth, you would want to shred the system's swap space in case vi gets
swapped out or take your chances, small though they may be.  You could
run shred on the swap device (perhaps in single-user mode) and then
reboot the system.  This also probably would erase RAM containing the
unencrypted data loaded by vi.  (gpg is smart enough to not leave
unencrypted data in RAM or in system swap space.)

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
Quality spam and virus filters.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

On Fri, Nov 09, 2007 at 05:10:30PM -0500, Nick Ali wrote:
> On Nov 9, 2007 4:42 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> > This is a neat use of make.  I like it.  How are you handling the
> > error cases?  For example, i'm thinking about what happens the first
> > time you try to "make edit" your password file after your GPG key
> > expires -- since GPG will fail to encrypt to an expired key, will it
> > nuke your password file entirely by overwriting it with the truncated
> > (failed) gpg output?
> >
> >   (not that i ask from personal experience or anything...)
> >
> > Care to share your makefile?  I know i'd be interested in seeing it,
> > at least.
> 
> With my simple Makefile, if your key has expired, it will bail out
> when re-encrypting and you will be left with an encrypted file and
> unencrypted file.
> 
> I found the Makefile somewhere online, but can't remember where. It
> doesn't really handle any error cases, but you shouldn't lose any data
> if things don't work for some reason:
> --------
> GPGID = user at whatever.com
> FILEPLAIN = myencryptedfile
> FILECRYPT = $(FILEPLAIN).gpg
> 
> HOMEDIR = ../somedirectory/.gnupg
> GPG = gpg --homedir $(HOMEDIR)
> RM = rm -i
> VI = vi
> 
> all:
>         @echo ""
>         @echo "usage:"
>         @echo ""
>         @echo "* make view -- to see $(FILEPLAIN)"
>         @echo "* make edit -- to edit $(FILEPLAIN)"
>         @echo ""
> 
> edit:
>         @umask 0077; $(GPG) --output $(FILEPLAIN) --decrypt $(FILECRYPT)
>         @$(VI) $(FILEPLAIN)
>         @umask 0077; $(GPG) --encrypt --recipient $(GPGID) $(FILEPLAIN)
>         @$(RM) $(FILEPLAIN)
> 
> view:
>         @umask 0077; $(GPG) --decrypt $(FILECRYPT) | less
> --------------
> 
> nick
> 
> 
> -- 
> 
> http://boredandblogging.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list