Voici une série de White Papers sur la gestion de mot de passe. http://www.securitydocs.com/Authentication/Passwords

Je pense que la "bonne" approche serait d'utiliser les utilitaires pouvant gérer les fichiers compatibles avec "password safe". C'est le standard de facto qui me semble le plus sécuritaire et le plus actif. Le problème est qu'il n'y a pas d'utilitaire command-line pour *nix qui supporte la dernière version (v3). Autrement, Password Gorilla (GUI) et pwsafe (CLI, mais ne supporte pas la v3 et n'a pas d'interface interactive) sont tous deux excellents. -- TheAnarcat 2008-03-17 17:24:28

LE critère pour mettre une nouvelle option dans la liste:

• licence GPL

cli

kedpm

kepm, replacement for the Figaro Password Manager, which is Gnome-only

• one master password
• commandline and gtk2 interfaces
• python-based
• modular: easy to add backends and frontends
• tree based password cataloging
• as with Figaro, passwords are blowfish-encrypted
• file format mostly compatible with Figaro
• last release: 2004.02.29
• status: currently in use on lethe

freebsd install procedure

cd /usr/ports/security/py-pycrypto; make install
fetch http://voxel.dl.sourceforge.net/sourceforge/kedpm/kedpm-0.4.0.tar.gz
tar zfx kedpm-0.4.0.tar.gz
cd kedpm-0.4.0
python setup.py  install --record=/var/log/kedm-0.4.0.log
# to use:
kedpm -c
# this thing behaves like a shell and is sufficiently self-documented

debian install procedure

Note: we use FreeExperiments/CheckInstall to track installed files (optional).

aptitude install python-crypto python2.3-dev checkinstall
wget http://voxel.dl.sourceforge.net/sourceforge/kedpm/kedpm-0.4.0.tar.gz
tar zfx kedpm-0.4.0.tar.gz
cd kedpm-0.4.0
checkinstall -D python setup.py install

SFL Vault

• commandline

• network and public key-based http://projects.savoirfairelinux.net/wiki/sflvault/Documentation

• automates logging into servers and mysql
• no debian package? (unsure)
• sqlite database backend
• multi-user, multi-customer/group support
• last release 2009-05-12

http://projects.savoirfairelinux.net/wiki/sflvault

gpg

Voir aussi gnupg-symmetric.vim

SPD

http://spd.sourceforge.net/

Encrypts to multiple GPG keys and provides a sensible interface. Aims to support SVN server deployment. Interesting for "all workers" passwords...

However, the interface sucks: it's juste plainfile text edition, and the --add parameter (to add a password) doesn't really work. I also couldn't figure out the syntax of the password file so that my passwords show up properly.

• last release: Apr 24 2009

Counterpane's password safe

Password safe, originally written by Bruce Schneier, windows-only.

• last release: 22.02.2008

pwsafe

pwsafe: a unix utility, commandline (but can copy to X11 clipboard), compatible with password safe (and emacs )

• Pure command-line operation if desired (good for remote access over ssh)...

• ... or can interact with X11 selection & clipboard.

• Portable, endianess-clean, misaligned-access-free C++. Compiles cleanly on linux, *bsd, macos x, solaris.

• Compatible with CounterPane's PasswordSafe Win32 program versions 2.x and 1.x. ( not v3!)

• Funny comments included in source code.
• last release: Sep 30th 2005
• no interactive commandline interface

Introduction

cpm

cpm, a commandline password manager

• one master password
• commandline only (ncurses)
• GnuPG blowfish encryption (128bit)
• csv import/export
• last release: 2002.09.12

pwman

pwman, with a text interface

• commandline only (ncurses)
• written in C
• uses gnupg for encryption
• last release: 2007-08-28

pwman3

• commandline
• sqlite or SQL backend
• various backend support
• interactive interface similar to kedpm (ie. no clipboard)
• last release: jan 2007

Yapet

Ncurses-based, minimal dependencies.

http://www.guengel.ch/myapps/yapet/

• last release: 2009-07-10

Simsafe

• Simsafe is nothing else but a simple Perl script wrapped around the symmetric encryption functions of GPG.

• writes the GPG password on disk (temporarly).

• http://blog.philippheckel.com/2009/04/07/simsafe-simple-command-line-password-safe/

• first and last release: Simsafe v0.1, Apr. 2009

GUI

password gorilla

• http://fpx.de/fp/Software/Gorilla/

• crossplatform (linux, windows, osx) TCL/TK

• compatible with PasswordSafe v2-3

• Last release: July 3, 2006.

• New Development going on: http://github.com/zdia/gorilla

Revelation

• http://oss.codepoet.no/revelation/wiki/Home

• active projet
• GUI
• "Revelation is a password manager for the GNOME 2 desktop. It organizes accounts in a tree structure, and stores them as AES-encrypted XML"
• allow import/export in more than 10 formats
• multi users: ? putting the database under version control ?

gnu keyring

For Palms. http://gnukeyring.sourceforge.net/

gpass

A Gnome password manager

• last release: 2006-03-25

MyPasswordSafe

http://www.semanticgap.com/myps/ PasswordSafe-compatible, in theory. Linux GUI.

• last release: February 4th, 2004

KeePassX

http://www.keepassx.org/

• good words from MLUG on it.
• Crossplatform: Linux/Windows (QT)
• no CLI
• popular project on Sourceforge
• supports keyfiles or passwords or both
• AES/Twofish
• password generator
• last release: 07. March 2010

PWS

• GUI, "pws aims to be a fully compatible passwordsafe implementation. heart of the project is libpws, a general library for reading and writing passwordsafe compatible files. currently passwordsafe files format v2 and passwordsafe files format v3.2 are supported."
• looks interesting, but no commandline version
• last release: 09 Dec 2008

• http://www.pwsafe.de/

Web base !!!

w3pw

Web based, PHP, MySQL.

http://w3pw.sourceforge.net/