Cooking with Linux - Security's Front Door

Words, words, words...whether spoken by a fool or a genius, they are still the first line of defense in system security.

Figure 1. KriptPass is a Kommander script that provides a graphical front end to the text-based makepasswd command.

It's frightfully easy to use. Select the Password length and the number of passwords you want to generate, and then click Generate. You can cut and paste your new password into whatever application requires a password change. You also can save those passwords to a file by clicking the Save to file check box and selecting a name. If you want your password to use specific characters, check Modify Character Set, and enter your characters. The default uses the ten digits as well as the 26 letters in uppercase and lowercase—just like that, totally random passwords. Increase the password length, and your passwords will be even more secure.

The only catch—and this is the catch with any random, non-pronounceable password—is that the passwords are hard to remember, which, sadly, leads to people writing them down and potentially compromising security. How do we deal with this problem?

Tarek Saidi's KeePassX is a great place for this information. This password manager and data safe provides a secure location for your vast collection of user names and passwords. It's also a cross-platform application that runs under Mac OS X and Windows too. If, like many people, you work on multiple systems and need access to your information, you can copy the database to a USB key and carry it with you. To get and start using KeePassX, visit, or check your distribution's repositories for prebuilt packages (some binary packages are available at the KeePassX Web site).

When you start KeePassX the first time, you'll see that it is divided into two main panes. The left pane is labeled Groups. To the right, in the larger section, are headings for Title, Username, URL and so on. To begin, you need to create a new password database. Click File on the menu bar, and select New Database. A dialog appears asking for a password, which you must enter twice (Figure 2).

Figure 2. Before you can store anything in KeePassX, you need a database. You can create multiple databases if you want.

The database itself is encrypted using 256-bit AES by default, but you also can select 256-bit Twofish. The number of rounds to encrypt is 6,000, making this a very safe place for your personal information. However, don't ever forget that master password. If you want to change the encryption format or the number of rounds, click File and select Database Properties from the menu bar.

The next step is to enter a group. Click Edit on the menu bar and select Add New Group. The Group Properties dialog appears (Figure 3). This is purely informational and serves as a folder for storing passwords. So, enter a title that means something to you, then select an icon from the drop-down list. Click OK when you are done.

Figure 3. When creating a group, you can select an icon to represent the type of information you are storing.

You can create as many of these as you like with names like System passwords, Family PCs (if you are doing the administration on your family's systems), Customer systems and so on. The groups will appear in the Groups column. Select a group, click Edit on the menu bar and then select Add New Entry (or click the plus sign on the icon bar). The Edit Entry window appears (Figure 4). The Group is selected automatically, but if you want, you can choose another at this point. Enter a title to identify the entry, then enter your user name and password information. As you enter your password, the quality of the password is analyzed and reported on the Quality bar. You can add a comment if you like, but it isn't necessary. Additionally, you can select an expiration date, attach a file or simply click OK if you are done.

Figure 4. Add a password entry to your KeePassX safe.

Look closely to the right of the Password Repet. field, and you'll see a button labeled Gen. Given the earlier programs we've looked at, this might sound interesting, non? Click the button, and a password generator appears (Figure 5). KeePassX's password generator allows you to define what characters are included in your password, such as the use of special characters, spaces and so on. You also can define the password length; the default is a difficult-to-crack 20 characters.

Figure 5. If you prefer, KeePassX can generate a password for you.

Click Generate and your password appears in the New Password field. If you like what you see, click Accept. In some ways, this brings us back to where we started, using a tool to generate secure passwords rather than relying on common words or phrases.

Later, when restarting the program, KeePassX challenges you with your master password before giving you access to the safe. If you are the sort of person who needs a tool like KeePassX, you also will have numerous passwords to look through when checking for a login you haven't used in ages. For that inevitable day, KeePassX provides a quick search feature, right on the main window at the far right of the icon bar (Figure 6). Enter one or more words in your title or comments, then press Enter. To see the actual password, double-click on the result, then click the ... button next to the hidden password.

Figure 6. A quick search field is available at the top right of the icon bar. Simply enter part of your title, press Enter and your information is located quickly.

I can see that closing time has arrived, mes amis. Given François' penchant for exposing sensitive information, I may do the locking up myself tonight. Even though I poke fun at François, he still is the best waiter I've ever employed and an artist when it comes to opening and pouring wine. In that, I trust him completely. Please, François, take a moment to refill our guests' glasses a final time. Raise your glasses, mes amis, and let us all drink to one another's health. A votre santé! Bon appétit!