[Discuss] Password managers

[dbarrett at blazemonger.com (Daniel Barrett)]

Oops, I missed a couple of your questions, Steve!

On May 8, 2020, Steve Litt wrote:
>I'm going to arrange for a piece of punctuation to be inserted when
>creating the password. Most accounts require a punctuation in the
>password, but they all differ as to *which* punctuation they allow.

FWIW, the pwgen command I suggested does generate punctuation in the
passwords. Sample generated password:

  E9;d,#A&72f5Kt&`GiE$pC

The pwgen -r and -y options may help you restrict the set of
characters used.

>I assume that you have a big, hairy password on this password file so
>somebody who takes possession of the password file can't brute force
>it.

The password file is protected by gpg's public key encryption, so the
attacker would need the private key and the passphrase. And yes, the
passphrase is extra hairy. :-)

>Is it inconvenient that every time you need a password, you need to
>type in your big, hairy master password? Or do you have a way of only
>typing it once?

That's determined by how you configure gpg-agent. My
~/.gnupg/gpg-agent.conf file forces the gpg passphrase to expire in 1
second:

# gpg-agent.conf:
#
# Don't cache passphrases
default-cache-ttl 1
max-cache-ttl 1

# Prompt for passphrase in the CLI, not graphically.
# I compiled pinentry-tty myself due to bugs in the Ubuntu 18.04 version
# found in /usr/bin/pinentry-tty.
pinentry-program /usr/local/pinentry/bin/pinentry-tty

# Emacs integration
allow-emacs-pinentry
allow-loopback-pinentry

You can permit passphrase caching for whatever time period you prefer.

Dan