Secure Password Management using NACL and Go
Last weekend, I finished up a project that had been in the back of my mind for a while. The project was not an original idea; it's a password manager. At its most basic, a password manager is an encrypted volume in which you store your myriad unique passwords for all the various services you use. Many find that a text file and GPG is sufficient, but most prefer the usability improvements that utilities such as LastPass, KeePass(X), and 1Password provide. However, these all have problems that I could not easily ignore. LastPass is centralized and closed source, leaving you trusting an unauditable service that holds all your data. 1Password is also closed source. KeePass is a monstrously complex application, complete with support for plugins, browser integration, and dozens of other features, all of which are incidental to the main function of a password manager and are potentially exploitable. All of the above store the entirety of your credentials in memory for long periods of time.
After feeling disillusioned with the current offerings of password managers, a colleague introduced me to pass, a password manager inspired by the UNIX philosophy.
passis clearly a step closer to what I wanted out of a password manager. Unfortunately, pass also failed a cursory security audit. An attacker with access to your
.password-storedata directory learns:
Click here to see the full blog post
After feeling disillusioned with the current offerings of password managers, a colleague introduced me to pass, a password manager inspired by the UNIX
I think, NACL is a nice tool for management. This https://www.passwordwrench.com is also secure to use.