The Best Linux Password Managers

We all know it's safer to use different passwords for all of the websites we login to. We also know passwords should be as random as possible, using a certain minimum length, uppercase, lowercase, and symbols. But when following those rules, it becomes a lot harder to remember passwords, let alone remembering which password goes to which website. This is where a password manager come in. I know some people like to just use a spreadsheet, however it's better to use an encrypted file. Most password managers use encrypted files to store passwords. Some of them even cross platforms, enabling you use your password file on all platforms. The list below is in no particular order. All of the password managers discussed below can be found in the Ubuntu and Debian repositories.

Revelation is a simple password manager. Features:

• Store your passwords securely
• Password generator
• Password protection for your passwords

FPM2 has a great feature set. The ability to not only protect your credentials with a password but also with a key file is great. Credentials can never be secure enough. A key file can be any file you select on the computer. Key files are used to create a hash which is then used for access to your credentials. Key Features:

• Passwords are encrypted with the AES-256 (old version use blowfish) algorithm.
• Key for encryption is generated with PBKDF2 using HMAC-SHA-256 with 8192 iterations.
• Optionally you can use two-factor authentication. To decrypt the list of passwords, you must know the master password and you must have the key file.
• Copy passwords or user-names to the clipboard/primary selection.

Gringotts is more than just a password manager. Gringotts wants to be your manager for all sensitive data. Gringotts has the most complete feature set I have seen out of any of the password managers reviewed. In short, if Gringotts can't keep the data safe then nothing can. I haven't been able to find a full feature list. Honestly to make one myself and include it in this article would take up a full page. Here is a quick (very short) summary:

• Choice of eight strong encryptions to choose from.
• Ability to set an expiration on passwords
• Security monitor. See with what options you are currently running Gringotts
• Secure wipe to completely erase any trace of old files
• Password quality check
• Ability to attach files to security records
• Create complete records with indexing (great for medical records)

I'm not sure if Gringotts is useful for passwords. For credit card information or medical records, it's great also. Gringotts creates separate files or what Gringotts calls "stores". It saves the information you put in, as well as the attached files in that store. If you attach a file it will remove the original and add the file to the store. It seems like this project has been abandoned however (no updates since June of 2009). What we are left with is a great, safe data store.

In this case, we are looking at the Gnome Password Manager. Also referred to as GPass, it is also a anonymity proxy widely used in China. If you are looking for GPass (the proxy), then go here. Features:

• Clean and easy-to-use user interface.
• Quick-search facility.
• Username and password may easily be copied to the clipboard.
• Encryption is done using the OpenSSL crypto graphics library.
• The built-in password generator helps you generate secure passwords.

It's a very simple password manager that looks a lot like Revelation. However GPass adds what Revelation is missing. GPass's password generator has the ability to add symbols as well. It's easy to use and has the ability to set the password to expire in a set amount of days

So far none of the password managers have been cross platform. This is where KeePassX comes in. I use KeepassX myself on a daily basis. I need it because sometimes I do need to step over to the darkside and use Windows for a couple of hours. KeePassX allows me to do this. Key Features:

• Extensive management - title for each entry for better identification
  - possibility to determine different expiration dates
  - insertion of attachments
  - user-defined symbols for groups and entries
  - fast entry dublication
  - sorting entries in groups
• Database security
  - access to the KeePassX database is granted either with a password, a key-file (e.g. a CD or a memory-stick) or even both.
• Encryption- either the Advanced Encryption Standard (AES) or the Twofish algorithm are used
  - encryption of the database in 256 bit sized increments

So what do you do when you work on a server or spend a lot of time at the command line? pwsafe is a password database for the command line. Features:

• Pure command-line operation if desired (good for remote access over ssh)
• Can interact with X11 selection & clipboard.
• Portable, endianess-clean, misaligned-access-free C++. Compiles cleanly on linux, *bsd, macos x, solaris.
• Compatible with CounterPane's PasswordSafe Win32 program versions 2.x and 1.x.
• Funny comments included in source code.