Am 2018-03-11 04:21, schrieb Anselm Garbe:
On 10 March 2018 at 06:08, Markus Teich <> wrote:
Should be fine, but the salt should not be secret (you need to sync it
between devices where you want to use this system after all). The point is that you can give your encrypted database as it is stored on disk to anyone
and they would not be able to derive anything (you care about) from it
without the master password. Depending on what you care about, the whole

In the end the master password should be the only thing that needs to be
secret and you can easily "sync" that between devices by remembering it. ;)

I tried to grasp the overall suggestion, but how is that different to
a single text stream of the format:

user@domain: password\n*

being encrypted using your own PGP public key into a single file? Each
time you want to know a username or password, you decrypt the file,
look it up and are done with it.

Are you concerned about portions becoming decrypted in memory on your
local host?

Using a single file encrypted with gpg would certainly work too. You just have to be a bit more careful with the handling as you risk leaking the complete file instead of just a single password. For example the file needs some structure that you may want to enforce to some degree to make it usable for tools like selecting and pasting your password into login forms. In my experiment I found it easier to have one file per key (e.g. domain) and then use the first line as the canonical password while additional lines could be used for those annoying
security questions some websites require or other related information.


Reply via email to