Nota: Artículo disponible en castellano aquí / spanish version available here
If you use more than one computer (maybe with different SO) and manage lots of complex passwords (you should), you will need:
- To store the passwords in a secure way.
- To able to access them from any machine or platform and keep them synchronized.
- Ideally, you would like to enter the password in whatever site or service in a quick and secure way auto-type functionallity(see below for auto-type functionality, it is cool)
- Be able to define expiration dates for password renewaland get reminders from your password manager to do so
Conclusion: After some research I decide to use this combination of tools:: KeePass + DropBox
- Install KeePass or KeePassX in every machine. Multiplatform
- Install DropBox in every machine. Also multiplatform
- The password file stays always encrypted and synchronizedthrough DropBox
- The password file stays double protected: on one way, you have a very secure encryption algorithm on KeePass. You also have an extra layer of encryption with DropBox .
- If the password file gets corrupted, DropBox let you go to the previous version of the file (DropBox keeps a history of file changes)
You can download KeePass here
(for Windows) , use dpkg
for Linux to get KeePassX
, or download it from: http://www.keepassx.org/
From KeePassX web site:
"Originally KeePassX was called KeePass/L for Linux since it was a port of Windows password manager Keepass Password Safe. After KeePass/L became a cross platform application the name was not appropriate anymore and therefore, on 22 March 2006 it has been changed."
The idea is installing KeePass and store the KDB file (the password file) in your DropBox.
The password file is synchronized across your machines, and can be opened by KeePass on Windows, or KeePassX in Linux or MacOs.
The password file is protected by usign a encryption algorithm considered safe (see http://keepass.info/help/base/security.html for more detaiils).
The sensible data remains encrypted in memory while in use.
"In order to generate the 256-bit key for the block ciphers, the Secure Hash Algorithm SHA-256 is used. This algorithm compresses the user key provided by the user (consisting of password and/or key file) to a fixed-size key of 256 bits. This transformation is one-way, i.e. it is computationally infeasible to invert the hash function or find a second message that compresses to the same hash.
The recently discovered attack against SHA-1  doesn't affect the security of SHA-256. SHA-256 is still considered as being very secure ."
Using auto-type functionality you can sign-in using your credentials in a fast and secure way. Watch the video:
Any comment or sugestion?