I mentioned several posts ago that my old Yahoo account had been hacked and that, as a result, I was madly changing passwords on everything I’d ever touched. I’m happy to report that this seems to have done the trick: no more dodgy sign-ins from the likes of Peru or Slovenia, for example, and no more spam (as far as I can tell) being sent from my old yahoo email account.
I also mentioned earlier that I was now keeping all my passwords in the completely zero-cost password manager called Keepass. Not only do I store the passwords there, I also get Keepass to generate the passwords in the first place… properly randomised, upper- and lower-case, plus numerals, plus special characters: you get the idea! In fact, I now don’t know what my passwords are to anything! If I need to log in to something, I simply run Keepass, copy the encrypted password into the clipboard (from which it is auto-cleaned after 30 seconds) and paste it into the password field. I know my Gmail password is 64 characters long, therefore, but I don’t know anything else about it and, so long as I can run Keepass, I don’t need to.
It’s a little fiddly, perhaps. But it’s definitely a more secure way to do things.
Provided I can run Windows, that is, because Keepass is a Windows-only application. (Yeah, a security product running on Windows… quit the laughing already!)
I only realised this flaw in my methodology when I got stuck on one of my old PCs which happened to have Fedora 15 x86_64 installed on it and found I couldn’t log in to anything!
Happily, there is a (fiddly) workaround: there’s an equivalent product, called KeepassX, which will run on Linux, provided you compile it from source. Doing that is just a little trickier than I’d like, so here’s the Fedora 15 64-bit recipe for doing that, should it be needed in future:
- Download the KeepassX software. Save it to a convenient place: I use my Desktop folder.
- Right-click the downloaded .tar.gz file and select ‘extract here’. You should end up with a directory called keepassx-0.4.3
- As root, issue this command to install a necessary prerequisite: yum install libXtst-devel
- As root, cd to the new keepassx-0.4.3 subdirectory and run the command: yum install mingw32-qt-qmake
- Still as root, run the command: /usr/lib64/qt4/bin/qmake
- Still as root, run the command: make
- Still as root, run the command make install
You should now be able to type the command keepassx in a terminal session as yourself and have the software run correctly.
The only other issue you’ll have is that if you’ve used the latest version of Keepass on Windows (version 2.something or other) to create your password ‘vault’, you won’t be able to open it in the Linux version (which is compatible only with version 1.x) because of file format changes between versions. Happily, if you go back to the Windows version and select File -> Export, you’ll be able to output a copy of your vault in 1.x format, which KeepassX will then be able to read without drama.
Which only leaves the small matter of saving the password vault (and its 1.x equivalent) on an encrypted USB thumb drive. On Windows, I use Truecrypt to encrypt the entire device (and to subsequently mount and unmount it) -and, happily, it’s available for Linux as well. Installation is an absolute doddle:
- Download the Linux version of the Standard Truecrypt software (I prefer not to go console-only!)
- Right-click the download and select ‘extract here’
- As root, in a terminal session, invoke the extracted file (which is a shell script) by issuing the command:
/home/hjr/Desktop/truecrypt-7.0a-setup-x64.
Substitute your own path and file name in that lot, obviously. - Select option 1 (to install Truecrypt), agree to the license… job done.
You now just type the command truecrypt in a terminal session as yourself to run the software, which behaves exactly as it does under Windows. The only slight twist is that when you mount your thumb drive, Truecrypt will first prompt you for the encrypted device’s master password, which is fine. But it will then prompt you for your Linux user account’s password -which may well not have the necessary privileges to mount devices. If that’s the case, it will complain that it ‘Failed to obtain administrator privileges: hjr is not in the sudoers file’.
Which, finally, prompts the inevitable question: how do I add myself to the sudoers file, then?! Easy: as root, issue this command:
echo ‘hjr ALL=(ALL) ALL’ >> /etc/sudoers.
(Use your own username, obviously, unless you too happen to log on to your OSes as ‘hjr’!) As soon as you’ve done that, re-run Truecrypt as yourself and you should be able to mount and dismount the encrypted thumb drive at will.
Howard,
you have a typo in your post, Solvenia -> Slovenia .
I’m using similar strategy, truecrypt plus Keepass, at first I was using USB key as well and it become a nightmare, because I ended up with local copies that I had to synchronize manually. I replaced USB storage with Dropbox where I’m keeping small TC volume (386K) up to date on all of my machines (Linux, Windows). Just a suggestion.
Regards,
Ales
Transposition error fixed, thank you.
I don’t really see the need for multiple local copies in need of synchronisation. That’s what the USB key is for (insert as required, it being connected to my house keys which are always with me)! I do, however, use Google Docs to store a disaster recovery copy (it handles multi-versioning very well).
I’ve never used Dropbox (and never felt the need to), so I can’t comment on that from personal experience. I’m sure others will find it a good suggestion though.
Cheers!
Howard,
The article is good, but you’re missing a fundamental point: one can run even the most recent editions of KeePass on Linux through the use of Mono. I most recent distros, all you need to do is download the most recent version of mono (at least 2.6) and then run
It’s the best way to manage KeePass when you have, for example, a partition with Linux and another with Windows, or if you have different computers with different OS.
tl;dr: I’m still to see something that Linux can’t do
I haven’t missed the point at all.
Perhaps you’ve not noticed that there are some people (i.e., quite a few) that happen not to think that Mono is such a great idea and wouldn’t want to go out of their way to ‘taint’ their distros with it? Maybe, indeed, you missed several recent articles here in which I went out of my way to describe how to slim your distro down, not bloat it up with software I don’t need?!
No, my point here was that I can have Keepass on my Linux boxen without the need for Mono or any other stonking great pile of software I otherwise wouldn’t use (like Wine, for example). Two prerequisite library installs and a database export is all it takes. You, of course, are welcome to go the Mono route if that’s what you prefer. But it’s completely unnecessary to do so.
I mean, one could also point out that Keepass 2 is already in the Ubuntu repositories and that it can be installed with a simple apt-get install… but in an article about reminding oneself how to get a working Keepass onto a Fedora 15 box as minimally as possible, that would have been rather redundant, I think.
Its in the standard Fedora repo. Why compile it ?
$yum list keepassx
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_GB to language list
Installed Packages
keepassx.x86_64 0.4.3-1.fc14 @fedora
( Also in F15 repo )
Why not (compile it, that is)? It’s not very difficult. The functional result is much the same. The repo doesn’t give you any newer version than what get by compiling (i.e., 1.x compatible rather than 2.x). The downloads are about the same size. It’s not a piece of software I particularly want to be upgraded all the time, so that aspect of apt-get or yum is not relevant for me. It’s true, you get a menu option created when you install via yum which is missing when you just compile, but that’s not a big deal for me.
I just don’t see a compelling reason to use yum for this one. I do, however, have a couple of reasons the other way.
One is that, sometimes, I just like compiling stuff because it reminds me of old times. Rather more importantly, the second reason is that this is one piece of software I can’t afford to not have working on any Linux I happen to be using at the time, so I would prefer not to have to rely on the contents of any particular distro’s repositories, as far as possible, to be assured of the fact that I can get it working.
If whoever is putting together Fedora 16, for example, decided KeepassX was too old to include, I’d be stuffed… but (hopefully) not if I have the source & the instructions.