«

Is there a relatively safe way to store a list of passwords and
sign-up info on a computer? I have no reason to think that anybody
would be interested in me or what I do, and from all the tests I've
run, at places like GRC.COM, my firewall is doing a swell job of
keeping me in stealth mode. Computers are great tools for organizing
and that's the temptation: I want to organize my scads of user names
and passwords to gain entry to various groups and email accounts.

I'm not interested in buying a new program, and already have the
typical office programs like various word processing programs, Excel,
and Access.

Maybe encrypting some files would do the trick? I've never done that.

If you have some suggestions, please postum. As I said, my stuff
isn't important to anybody really (except someone who just wants to
mess with me because they can) and I have no reason to think that my
computer security has been violated.

Edw. Peach <> wrote:
> Is there a relatively safe way to store a list of passwords and
> sign-up info on a computer?

> I'm not interested in buying a new program, and already have the
> typical office programs like various word processing programs, Excel,
> and Access.
>
> Maybe encrypting some files would do the trick? I've never done that.

For stuff that isn't too sensitive, I have a file that I encrypted with
GnuPG on my disk. It works just fine, as I tend to remember the
passphrases for accounts I use often enough to get worried about the
bother of GnuPG.

Joachim

Edw. Peach <> wrote in
news::

> Is there a relatively safe way to store a list of passwords and
> sign-up info on a computer? I have no reason to think that anybody
> would be interested in me or what I do, and from all the tests I've
> run, at places like GRC.COM, my firewall is doing a swell job of
> keeping me in stealth mode. Computers are great tools for organizing
> and that's the temptation: I want to organize my scads of user names
> and passwords to gain entry to various groups and email accounts.
>
> I'm not interested in buying a new program, and already have the
> typical office programs like various word processing programs, Excel,
> and Access.
>
> Maybe encrypting some files would do the trick? I've never done that.
>
> If you have some suggestions, please postum. As I said, my stuff
> isn't important to anybody really (except someone who just wants to
> mess with me because they can) and I have no reason to think that my
> computer security has been violated.



There's a large number of "password holder" programs out there which will
store your other names & passwords under a single master password. They
vary widely in extra features (e.g., whether you have to cut and paste or
the program does it for you automatically).

The grand-daddy of them all (although I don't know how it stacks up in the
features department) is Password Safe, written "under the supervision of"
Bruce Schneier (he's done a code review, I guess). It's free too!

http://www.schneier.com/passsafe.html

Regards,

Edw.Peach wrote:

> Is there a relatively safe way to store a list of passwords and sign-up
> info on a computer? I have no reason to think that anybody would be
> interested in me or what I do, and from all the tests I've run, at places
> like GRC.COM, my firewall is doing a swell job of keeping me in stealth

First I have to deal with a bit of a pet peeve. Sorry.

Dropping packets (stealth) might look appealing at first glance. What's
not to like about being "invisible", right? The problem is you're not
invisible at all, and in some cases you might be even MORE visible than
someone who replies according to RFC standards. By dropping packets you
can actually stick out.

For example, an attacker might spray echo requests across a block of IP
addresses and ignore "host unreachable" replies because they are the
standard response to pinging IP addresses that simply don't exist. But any
echo requests that seem to fall off the end of the Internet are a good
sign someone is using "stealth". Bingo! Start hammering on ports at this
"invisible" address and sooner or later something might give.

There's other similar disadvantages to so called "stealth", but enough of
that.

> mode. Computers are great tools for organizing and that's the temptation:
> I want to organize my scads of user names and passwords to gain entry to
> various groups and email accounts.
>
> I'm not interested in buying a new program, and already have the typical
> office programs like various word processing programs, Excel, and Access.
>
> Maybe encrypting some files would do the trick? I've never done that.

The two current de facto standards for file encryption are PGP and GnuPG.
They're very similar versions of the same basic principals. They even
"talk to each other". Files and messages encrypted with one can generally
be decrypted with the other and visa versa.

PGP is probably your better bet for novice users on Windows platforms.
It's notably less "geeky", and a wide user base means easy access to
problem solving information. GnuPG undergoes more scrutiny from the open
source community, and is arguably more trusted because of this "openness".

PGP is also open source, but laying hands on that source code is a bit
harder and most versions include a pretty GUI that bloats the code
considerably. It also comes in both free and paid versions, which may or
may not include features you want or don't want. GnuPG is command line
only, but a number of good "front ends" exist that make it more than
usable. It's also completely free in its full version. Here's a couple
starting points...

PGP http://www.pgpi.org/products/pgp/versions/freeware/

GnuPG http://www.gnupg.org

And another outstanding resource...

http://www.mccune.cc/PGP.htm

That should cover "standard" file encryption throughly enough, and to be
honest either one will give you what you want and more, including the
ability to send secured email, digitally sign files and messages, and
verify signatures on others' messages.

If you don't give a hoot about that stuff and you're a Windows user, you
might want to consider a free "password manager" that keeps your account
information stored in a password protected, encrypted file. Much like
using the two suggestions above, but with a fancy, "dedicated" user
interface.

They can also offer some advantages like one-button copy to clipboard for
login and passwords, clickable links to your accounts, and automagical
clipboard clearing when the program is terminated or minimized. The only
two I have any personal experience with are Password Safe, and PINs.

Password Safe is the brainchild of none other than encryption guru Bruce
Schneier. This carries lot of trust value with most people, including
myself.

http://www.schneier.com/passsafe.html

PINs is also open source freeware, and a little more "pretty" if memory
serves.

http://www.mirekw.com/winfreeware/pins.html

In my opinion either one of these it *probably* the quickest and easiest
solution to your problem, but going with PGP or GnuPG, while a bit more of
a broad and "complex" solution, would be more ideal in the sense that if
you did decide you needed or wanted more or different types of security
they're right there at your fingertips. The trade off is the learning
curve. You'll have to deal with new concepts, while the two "password
managers" are going to be relatively intuitive.

Just my $.02.

Thanks for the responses.

Okay, I'm not safe online. Nobody is. I just don't do anything or
have anything that someone would desire, other than use of my computer
resources if used in a DOS attack or something along those lines.

I'll have to investigate these options and see what might be best for
me.

The only bad thing I can see is if someone does compromise my security
and finds encrypted files, they might think there's something
worthwhile there. LOL.

Some of these programs hold both your password and the url it goes
with. Combined with disc encryption, it's pretty secure and gives you
the type of organization you want.

Regards.

blackhat wrote:

> Some of these programs hold both your password and the url it goes with.

Not some, all. A password manager without a way to record which account
the login and password belong to would be absolutely useless.

> Combined with disc encryption, it's pretty secure and gives you the type
> of organization you want.

All the password managers mentioned here use strong encryption, so they're
"pretty safe" all by themselves.

I know you get beat up a lot and you're just trying to fit in, so here's a
little friendly advice. You should be the one asking the questions, not
answering them. You'd be a lot more likable if you were trying to honestly
attain some level of competence rather than trying to lay false claim to
one.

Hope this helps.

Edw. Peach wrote:
> Is there a relatively safe way to store a list of passwords and
> sign-up info on a computer? I have no reason to think that anybody
> would be interested in me or what I do, and from all the tests I've
> run, at places like GRC.COM, my firewall is doing a swell job of
> keeping me in stealth mode. Computers are great tools for organizing
> and that's the temptation: I want to organize my scads of user names
> and passwords to gain entry to various groups and email accounts.
>
> I'm not interested in buying a new program, and already have the
> typical office programs like various word processing programs, Excel,
> and Access.
>
> Maybe encrypting some files would do the trick? I've never done that.
>
> If you have some suggestions, please postum. As I said, my stuff
> isn't important to anybody really (except someone who just wants to
> mess with me because they can) and I have no reason to think that my
> computer security has been violated.
There is a open source package called password safe that uses MD5
encryption for passwords, has a random password generator that can be
set to various parameters. Double click stored sitename to paste
password into memory, then paste in site. It does require the password
safe password on access (only once till closed). I have used the older
1.7 version and it has been stable. I have never upgraded since it met
my meager requirements. Simple tool to use.

http://passwordsafe.sourceforge.net/

Winged