Archive

Posts Tagged ‘Mono’

KeePass: The Cross-platform Password Safe

December 20th, 2012 1 comment

These days you really need a strong, unique password for almost everything you do online. To make matters even worse for the average user, security nuts will tell you that you actually need a different password for essentially every account you hold. Why? Consider the following scenario:

Little Timmy signs up for Facebook using his super secret password @wesomeS@auce3!. This password is so strong and good that even he can hardly remember it. Then he wants a Twitter account so he goes and signs up there using the same password. Some time passes and Timmy’s Twitter account is hacked. Using his associated e-mail address they try the same e-mail and password on Facebook (because it is a popular website that most people belong to) and lo and behold they have access. Little Timmy’s virtual life falls apart around him.

Think I’m being paranoid? Take a look at these examples and adjust your tin foil hat accordingly.

What to do?

So what can you do about it? Well for one don’t use the password above because now it is all over the internet. For two use strong unique passwords for each website you care about. What do I mean by that? Well in the above example Timmy clearly cared about both Facebook and Twitter so he should have used different passwords for each. That way when his hypothetical Twitter account became hacked the attackers couldn’t use the same password to gain access to his Facebook account. That said it is always good to have a throw away password or two to use on those one-off websites that you will either never visit again or don’t care if they get compromised. Third either remember all of these unique passwords in your super genius conehead sized brain or use a password safe to make it easy on yourself.

Password Safes

A password safe is essentially a program that allows you to maintain a number of different passwords while only having to remember one. Essentially you enter a master password into the program and this acts as your key to unlock all of your others passwords. That way you (technically) only have to remember one password at a time (the master password) and you only have one password to change on a regular basis (although you should obviously refresh your other passwords every so often as well). A number of these programs exists (such as LastPass, etc.) but personally I prefer KeePass.

KeePass

KeePass comes in two flavours: version 1.x (which is technically now legacy) and version 2.x (which is current). Beyond feature set the biggest difference is that version 2.x requires the .NET Framework (or Mono) and version 1.x doesn’t. For the purposes of this post I’ll be focusing on version 2.x.

KeePass has a number of great features that make it indispensable in my day-to-day computing life. While the full feature list is actually quite long I’ll just list the most useful or important ones here:

  • Open source which means that the source code has been looked at and checked over for any sort of backdoor or other nonsense that a potentially evil author would code into it. This is very important when you’re considering placing all of your password eggs in one proverbial basket.
  • When you create a new password entry you can store any sort of arbitrary information along with it:

    New Password Entry

    New Password Entry

  • All of your passwords are stored completely encrypted including all comments, website URLs and user names. This is incredibly convenient because it allows you to safely do things like create an entry containing you credit card information. Never again will you have to hunt down your wallet to make that spur of the moment online purchase!
  • It is portable – you can run it straight off of a USB stick, no installation required!
  • Rule based, strong password generator. Having a long, strong, password is very important but remembering one is very hard. Instead why not have KeePass generate a per-website, completely random, strong password for you? Using a website that for some reason doesn’t like special characters or only allows up to a 12 character password? No problem just change the rule set you use when you generate that particular password.
    Password Generator

    Password Generator

    Here are some examples of random passwords I just generated now:

    Lots of random passwords!

    Lots of random passwords!

  • Cross-platform – KeePass has implementations on almost every platform. Version 1.x runs on Windows, Mac and Linux (via KeePassX). Version 2.x runs on Windows, Mac and Linux (using Microsoft’s .NET or the open source Mono). There are even versions of it for Android, iPhone and others.
  • Auto-type – this is by far the best feature. Even if you, for some reason, didn’t want to use any other feature that KeePass has to offer, its Auto-type functionality alone is worth the install. Essentially you tell KeePass what window to look for (for instance Firefox browsing my bank’s website) and how it should type things for you (usually user name, tab, password, enter). Then you set up some key combination you want to use (like Ctrl + Alt + A) and KeePass does all of the typing for you. Now when I want to enter one of those crazy strong and super random passwords I don’t have to type it out or even copy and paste. I simply click my mouse in the user name field and press Ctrl + Alt + A. The genius of this is that it can work for all accounts on your computer not just website ones – for instance I use it at work to keep track of my passwords for our internal programs.

WHO IS PAYING YOU?

All of this praise may make it seem like I’m getting paid to write this article but that isn’t the case (not that I would turn the money down mind you *hint hint*…). KeePass is just one of those programs I use daily that does so many things right I can’t help but like it. So in conclusion give it, or a similar password store, a try and make your online presence more resilient to password hacking. Let me know which password safes you think are awesome.

This post originally appeared on my personal website here.




I am currently running a variety of distributions, primarily Ubuntu 14.04.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Check out my profile for more information.

Day 12, my current software setup

September 12th, 2009 No comments

It has been almost half a month since the experiment has begun and I think everyone is just getting to the point where they can begin to be truly productive on their systems. As such I just wanted to share my current software setup, as is, and the replacements I am using for the proprietary software packages that I  would have otherwise normally used under a Window’s environment.

Operating System

As you may have already known, I have chosen Fedora 11 as my distribution for this experiment. While it was quite a rocky start, Fedora is proving to be a competent operating system and should fit my needs for the duration of the experiment.

Office & Word Processing

Fedora ships with OpenOffice.org 3.1.1 as its office suite. I have used OpenOffice.org in the past and have found it to be a adequate alternative to Microsoft’s Office suite if not without it’s own faults. Perhaps it is just my familiarity with Microsoft’s Office suite but I find OpenOffice.org to have many odd quirks. For example its ability to open but not save to Office Open XML (*.docx, *.pptx, *.xlsx, etc.) is rather frustrating. I think for the most part I am going to be using OpenOffice.org’s preferred format, the OpenDocument Format, but I have read numerous issues with this format as well. I guess time will tell if this is a good choice or not.

Moving forward I think I am going to be looking at alternatives to OpenOffice.org, such as AbiWord or KOffice, just to see if those work better for me.

E-mail Client

As on Windows I am using Thunderbird to manage my e-mail. What’s kind of weird is I can only seem to install the Thunderbird 3 beta version from my repositories. Again you can find my contact information on my page here.

Browser

This one was a really a easy choice for me. I have been using Firefox on Windows for a long time. Fedora allows me to run the most recent version which is 3.5.3 as of this writing. My browsing experience has not changed whatsoever from how it was on Windows.

Instant Messaging

On Windows I had been mostly using Windows Live Messenger. Now that I am on Linux I have tried various IM clients including aMSN, Kopete and Pidgin. Of the bunch I think Kopete has a lot of potential but I am sticking with Pidgin. It just seems to do everything and do it mostly right.

Music/Media Management

As an alternative for iTunes I gave Rhythmbox a go and was very impressed. Next I tried Songbird and while there isn’t much difference between the two players, I like the feel of Songbird better. For videos I am still trying to decide whether I prefer VLC or MPlayer. Like Rhythmbox and Songbird there really isn’t much difference between VLC and MPlayer.

Image Manipulation

I have never been a big Photoshop person so my needs in this category were pretty easy to meet. That being said I have settled on using both the GIMP and KolourPaint to fill in any gaps.

Development

In the past I have been primarily a Windows developer using tools such as Visual Studio to get my jobs done. I would be very interested in seeing how Mono development works on Linux but in the meantime I will be using Eclipse’s Java and C/C++ tools as my primary Linux development platform.

Torrents

Because there is no µTorrent support for Linux, except under Wine, I have decided to use the native client KTorrent for all of my torrenting needs! I find it to be very similar to what I’m used to on Windows so again this is a easy solution for me.

That’s It For Now

I’ll let you know if I find any better alternatives moving forward.