Tag Archives: passwords

KeePassX: The Perfect Password App

Recently, I’ve been having some trouble with passwords. Either the login name is a string I never use, and therefore never commit to memory (like my real phone number that I mask with Google Voice), or the password policy forces me to use a password that I’ll never remember (like sites that keep track of your past passwords, or require 11 characters of alternating symbols, letters and numbers, etc.). Since I use spamgourmet, any site that requires an email address as a username is another puzzle – sometimes I even have to log in there to find the right one. Also, I have a concern that if I die, my wife will have real trouble getting into all my accounts, so it would be nice if I could just leave her one password to give her access to all that information.

So, I broke down and started using a password organizer app. Now, I have always been averse to using these applications for a variety of reasons (online companies having all your passwords, plaintext in swap space / memory, keyloggers, insecure encryption, etc.), but I managed to find one that’s open source, never caches my master password, is widely used, and has extreme cross-platform capabilities. KeePassX is the name, and it’s available in Ubuntu. Installing it is left as an exercise to the reader. Once you get in there and add a few passwords, it starts to look something like this:

It allows you to mask both your usernames and passwords (both optionally) from the top-level view. It has clipboard capabilities, so you can just copy your password to the clipboard by clicking a button, and never see it on the screen in plaintext. Their security is really well-done.

But the big realization today was that they have an Android app! This app only needs the kdb file from any instance of the application, and of course the password to decrypt it. It’s available in the market too! But how do you sync changes between your main desktop and your phone? Dropbox! Using the Dropbox mobile app, I simply synced the kdb file onto the phone, and then opened it. KeePassDroid popped up and asked if I wanted to make it the default database, and I checked the box. Done.

Now, whenever I make a change, it syncs over Dropbox like magic.

Good Passwords with GnuPG

I found out from this site that GPG can be used to generate random text for passwords. Here’s the command:

 gpg --gen-random 1 20 | gpg --enarmor | sed -n 5p

Very simple. I may have to use this in the future.


This limits you to the Base64 character set, greatly limiting the search space for password cracking.  One should really use something other than enarmor to spit out a random printable ASCII string…


OK, I did it.  It took some time, but it works nicely now, and generates MUCH better passwords:

hank@tardis:/nexus/tardis/hank$ for i in 1 2 3 4; \
  do gpg --gen-random 1 20 | \
  perl -0777 -ne's/([\x00-\x20])/chr(ord($^N)+50)/ge;s/([\x7E-\xDB])/chr(ord($^N)-93)/ge;s/([\xDC-\xFF])/chr(ord($^N)-129)/ge;print $_, "\n"'; \
  done

I know that probably looks like gobbledygook, but the main part of it is this:

gpg --gen-random 1 20 | perl -0777 -ne'print "Your password: ";s/([\x00-\x20])/chr(ord($^N)+50)/ge;s/([\x7E-\xDB])/chr(ord($^N)-93)/ge;s/([\xDC-\xFF])/chr(ord($^N)-129)/ge;print $_, "\n"'

Run that in a terminal, and profit.
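As an added example (not code from the original post), this Python script replays the three byte ranges of the Perl one-liner to count how the 256 possible byte values fold onto printable characters, and compares the resulting bits per character with Base64 and with a rejection-sampling generator that is uniform over the same 94 characters. The function names and the use of `os.urandom` as the byte source are assumptions of the example; any function returning random bytes, such as one reading `gpg --gen-random` output, can be passed as `read_bytes`.

```python
import math
import os
from collections import Counter

FIRST, LAST = 0x21, 0x7E          # printable ASCII without space: '!' .. '~'
ALPHABET = LAST - FIRST + 1       # 94 characters

def fold_byte(b):
    """The post's three Perl substitutions, applied to one byte value."""
    if b <= 0x20:
        return b + 50             # 0x00-0x20 -> '2'..'R'
    if 0x7E <= b <= 0xDB:
        return b - 93             # 0x7E-0xDB -> '!'..'~'
    if b >= 0xDC:
        return b - 129            # 0xDC-0xFF -> '['..'~'
    return b                      # 0x21-0x7D pass through unchanged

def fold_distribution():
    """How many of the 256 byte values land on each output character."""
    return Counter(fold_byte(b) for b in range(256))

def min_entropy_bits(counts):
    """Bits per character, judged by the most likely character."""
    return -math.log2(max(counts.values()) / sum(counts.values()))

def uniform_password(length=20, read_bytes=os.urandom):
    """Rejection sampling: discard bytes >= 188 (2 * 94) so b % 94 is unbiased."""
    limit = 256 - 256 % ALPHABET  # 188
    out = []
    while len(out) < length:
        for b in read_bytes(length):
            if b < limit and len(out) < length:
                out.append(chr(FIRST + b % ALPHABET))
    return "".join(out)

if __name__ == "__main__":
    dist = fold_distribution()
    print("distinct characters:", len(dist))
    print("byte values per character: min", min(dist.values()),
          "max", max(dist.values()))
    print("folded  bits/char: %.3f" % min_entropy_bits(dist))
    print("uniform bits/char: %.3f" % math.log2(ALPHABET))
    print("base64  bits/char: %.3f" % math.log2(64))
    print("sample:", uniform_password())
```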