‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, August 1, 2020 5:49 PM, J. Roeleveld <[email protected]> wrote:
> > > This is not a GUI
> >
> > xterm is GUI. you don't need to click on gtk/qt
> > widgets to access details of password entries.
> > gtk/qt is a massive overkill.
>
> Please check the meaning of " GUI " and try to answer my statement again.
xterm/urxvt is a gui. it can render images too.
e.g. seen ranger?
but nitpick aside, i know what you want. you want
an app that uses gtk or qt libraries, so that you
get some buttons to click on with your mouse, and
menus and scrollbars to drag around — but why
would you seek to do this to yourself? very
sadistic.
if you check the latest version in this dev branch
(wip, code will improve next month):
https://github.com/Al-Caveman/nsapass/tree/space-cephalopod
you'll find a neat interactive feature and a
search feature that allows you to, say, retrieve
passwords really fast. e.g. `nsapass get c p`
would equate `nsapass get caveman protonmail` (if
c p makes it unique).
> > > This makes portability a problem. Exactly why keepass (and clones) are
> > > used more.
> >
> > compatibility with keepassxc is extremely
> > overrated. it's easy to port nsapass to
> > windows/apple (may even work out of the box,
> > didn't try).
>
> Compatibility with "keepass" (keepassxc is already a different tool/clone) is
> important and makes it simpler to use the same database on different
> environments.
> You might be happy with a simplistic database that only stores a few
> passwords. I tend to deal with passwords that are shared within teams because
> the hardware involved only supports a single account. This makes tools like
> keepass important.
curious, any standardized or special hardware that
works with keepass? e.g. some kind of dual factor
authentication? or maybe USB sticks that give you
some physical button to, mechanically, select if
the passwords inside should be read? anything
else interesting?
about `few passwords'. i'm also curious why do
you think so? e.g. here is a quick test with an
outrageously unrealistic test of 1 million key
entries in nsapass:
- 3.9 seconds for scrypt to decrypt the file.
for a good reason that makes it more secure
than keepass's aes 256-bit enc.
- 2.6 seconds for python's json to parse the
file (parsing 1 mil entries).
- everything else was instantaneous after that
(just a dictionary lookup).
about your team, not sure about your point. you
said that nsapass is simplistic. so i guess this
means that keepass offers you something more? or
is it just that you have more people already using
it and too lazy to migrate?
> > > Nice, a full detailed list of every single change to your passwords :)
> >
> > no. how do you backup your passwords file?
> > dropbox? flash disk? it's up to you. this is
> > unrelated to the passwords manager.
>
> Actually, the more copies with changes to your passwords there are, the easier
> it will be to guess your passwords.
i never denied this. nothing in nsapass that
makes you copy passwords with changes. i don't
know where you got this.
i personally use git to copy my passwords database
around, but this -obviously- has nothing to do
with nsapass.
> > > The likes of NSA don't actually care about your (dis)approval.
> >
> > no one does. not unique to nsa. people
> > exaggerate nsa as if they are any better.
> > tbh, nsa is even better than most of our
> > neighbours. if our phones fall in the hands of
> > our neighbours, next day most people will find
> > themselves in pornhub. but nsa can get it all,
> > and yet they still didn't leak it to pornhub (at
> > least not as much).
>
> No, they leak it to the press and wikileaks.
leakers like snowden? doesn't media call them
``heros''?
see, NSA is made of decent people. they either
keep our secrets better than our neighbours do,
or, when they leak it, they do so for a good cause
and become ``heros''.
i personally trust NSA much better than my trust
to my neighbours (no comparision). nothing personal
against my neighbours, decent people, but they are
less educated than NSA's staff.
it's just a matter of honesty to state that media's
stance against NSA is unfair imo. even though this
statement will probably harm the reputation of
nsapass as i'm its dev and i'm flirting NSA (not
that it matters though).
