March 24, 2014

The other day at work, we were having a discussion about managing passwords. Gone are the days when you could keep everything in your head. With accounts on hundreds of sites and apps, I find myself clicking the "forgot password" link far too often. A non-solution is using the same password across all your accounts: if one of them gets leaked, all of your accounts become vulnerable. There are password management apps like LastPass that generate and store passwords for you, but they can’t be trusted as they store your passwords on their servers. There are a couple of apps that encrypt your passwords locally and then back them up to a location of your choice (iCloud, Dropbox, etc.), but they cost something like $50.

If you’re like me and don’t want to spend 50 bucks on a password app, there is a crude alternative: plain old Vim! Vim has an option that enables the encryption of plain text files, but its default encryption mode, pkzip, is not that secure and can be easily brute-forced. So the first thing you need to do is set the crypto algorithm (the cryptmethod option, cm for short) to something more secure. Add this to your .vimrc:

set cm=blowfish

So, now create a text file, say .password, and open it with Vim. Store your usernames, passwords and sites as tuples in the text file. To set a password, type :X and Vim will prompt you for a passphrase. Once you enter one and save the file, an encrypted version of the text file will be stored on disk. Every subsequent time you open the file, it will ask you for the passphrase and then decrypt the file, but it will always save the encrypted version. If you need to change the passphrase, type :X again. Neat, huh?

So you can store this encrypted text file on Dropbox, Google Drive, etc. to keep your passwords in sync.
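Before the file goes anywhere near a sync folder, it is worth confirming that what is on disk really was written with the stronger method and not with the pkzip default or as plaintext. The following check is an added example, not part of the original post; it relies on the `VimCrypt~NN!` magic string Vim writes at the start of encrypted files, and the function names and sample byte strings are constructed for illustration.

```python
import os
import tempfile

# Magic strings Vim writes at the start of a file saved after :X
# (12 bytes: "VimCrypt~", two digits, "!").
VIMCRYPT_MAGIC = {
    b"VimCrypt~01!": "zip",        # the weak pkzip default
    b"VimCrypt~02!": "blowfish",   # what 'set cm=blowfish' produces
    b"VimCrypt~03!": "blowfish2",
}
# Fail closed: only methods recognised here and not known-weak are accepted.
ACCEPTED = {"blowfish", "blowfish2"}

def crypt_method(path):
    """Return the cryptmethod named by the file header, 'unknown' for an
    unrecognised VimCrypt header, or None if the file is not encrypted."""
    with open(path, "rb") as f:
        head = f.read(12)
    if head in VIMCRYPT_MAGIC:
        return VIMCRYPT_MAGIC[head]
    if head.startswith(b"VimCrypt~"):
        return "unknown"
    return None

def safe_to_sync(path):
    """True only if the header names an accepted encryption method."""
    return crypt_method(path) in ACCEPTED

def demo():
    # Constructed samples: a header plus filler bytes, not real ciphertext.
    samples = {
        "plaintext": b"example.com alice hunter2\n",
        "zip": b"VimCrypt~01!" + b"\x00" * 32,
        "blowfish": b"VimCrypt~02!" + b"\x00" * 32,
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            results[name] = (crypt_method(p), safe_to_sync(p))
    return results

if __name__ == "__main__":
    for name, (method, ok) in demo().items():
        print(f"{name:10} method={method!s:9} safe_to_sync={ok}")
```

The header only shows which method Vim used; it says nothing about how strong the passphrase is.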

OK, that leaves us with the password generation part: how do we generate strong passwords that follow all those pesky rules? That’s easy, just write a simple script that generates random phrases from the wordlist in your /usr/share/dict directory. I wrote a short and simple script in Python, feel free to use it.

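import random
# Draw from the OS CSPRNG; the default random generator is predictable.
rng = random.SystemRandom()
with open('/usr/share/dict/words') as f:
    words = [line.strip() for line in f]
# Two dictionary words joined by '-', first letter capitalized, plus a number.
password = '-'.join(rng.choice(words) for _ in range(2)).capitalize()
password += str(rng.randint(1, 9999))
print(password)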

And there you have it, Vim as a simple and convenient password manager!
