1 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
2 |
On Saturday, August 1, 2020 5:49 PM, J. Roeleveld <joost@××××××××.org> wrote: |
3 |
|
4 |
> > > This is not a GUI |
5 |
> > |
6 |
> > xterm is GUI. you don't need to click on gtk/qt |
7 |
> > widgets to access details of password entries. |
8 |
> > gtk/qt is a massive overkill. |
9 |
> |
10 |
> Please check the meaning of " GUI " and try to answer my statement again. |
11 |
|
12 |
xterm/urxvt is a gui. it can render images too. |
13 |
e.g. seen ranger? |
14 |
|
15 |
but nitpick aside, i know what you want. you want |
16 |
an app that uses gtk or qt libraries, so that you |
17 |
get some buttons to click on with your mouse, and |
18 |
menus and scrollbars to drag around — but why |
19 |
would you seek to do this to yourself? very |
20 |
sadistic. |
21 |
|
22 |
if you check the latest version in this dev branch |
23 |
(wip, code will improve next month): |
24 |
|
25 |
https://github.com/Al-Caveman/nsapass/tree/space-cephalopod |
26 |
|
27 |
you'll find a neat interactive feature and a |
28 |
search feature that allows you to, say, retrieve |
29 |
passwords really fast. e.g. `nsapass get c p` |
30 |
would equate `nsapass get caveman protonmail` (if |
31 |
c p makes it unique). |
32 |
|
33 |
> > > This makes portability a problem. Exactly why keepass (and clones) are |
34 |
> > > used more. |
35 |
> > |
36 |
> > compatibility with keepassxc is extremely |
37 |
> > overrated. it's easy to port nsapass to |
38 |
> > windows/apple (may even work out of the box, |
39 |
> > didn't try). |
40 |
> |
41 |
> Compatibility with "keepass" (keepassxc is already a different tool/clone) is |
42 |
> important and makes it simpler to use the same database on different |
43 |
> environments. |
44 |
> You might be happy with a simplistic database that only stores a few |
45 |
> passwords. I tend to deal with passwords that are shared within teams because |
46 |
> the hardware involved only supports a single account. This makes tools like |
47 |
> keepass important. |
48 |
|
49 |
curious, any standardized or special hardware that |
50 |
works with keepass? e.g. some kind of dual factor |
51 |
authentication? or maybe USB sticks that give you |
52 |
some physical button to, mechanically, select if |
53 |
the passwords inside should be read? anything |
54 |
else interesting? |
55 |
|
56 |
about `few passwords'. i'm also curious why do |
57 |
you think so? e.g. here is a quick test with an |
58 |
outrageously unrealistic test of 1 million key |
59 |
entries in nsapass: |
60 |
|
61 |
- 3.9 seconds for scrypt to decrypt the file. |
62 |
for a good reason that makes it more secure |
63 |
than keepass's aes 256-bit enc. |
64 |
|
65 |
- 2.6 seconds for python's json to parse the |
66 |
file (parsing 1 mil entries). |
67 |
|
68 |
- everything else was instantaneous after that |
69 |
(just a dictionary lookup). |
70 |
|
71 |
about your team, not sure about your point. you |
72 |
said that nsapass is simplistic. so i guess this |
73 |
means that keepass offers you something more? or |
74 |
is it just that you have more people already using |
75 |
it and too lazy to migrate? |
76 |
|
77 |
> > > Nice, a full detailed list of every single change to your passwords :) |
78 |
> > |
79 |
> > no. how do you backup your passwords file? |
80 |
> > dropbox? flash disk? it's up to you. this is |
81 |
> > unrelated to the passwords manager. |
82 |
> |
83 |
> Actually, the more copies with changes to your passwords there are, the easier |
84 |
> it will be to guess your passwords. |
85 |
|
86 |
i never denied this. nothing in nsapass that |
87 |
makes you copy passwords with changes. i don't |
88 |
know where you got this. |
89 |
|
90 |
i personally use git to copy my passwords database |
91 |
around, but this -obviously- has nothing to do |
92 |
with nsapass. |
93 |
|
94 |
> > > The likes of NSA don't actually care about your (dis)approval. |
95 |
> > |
96 |
> > no one does. not unique to nsa. people |
97 |
> > exaggerate nsa as if they are any better. |
98 |
> > tbh, nsa is even better than most of our |
99 |
> > neighbours. if our phones fall in the hands of |
100 |
> > our neighbours, next day most people will find |
101 |
> > themselves in pornhub. but nsa can get it all, |
102 |
> > and yet they still didn't leak it to pornhub (at |
103 |
> > least not as much). |
104 |
> |
105 |
> No, they leak it to the press and wikileaks. |
106 |
|
107 |
leakers like snowden? doesn't media call them |
108 |
``heros''? |
109 |
|
110 |
see, NSA is made of decent people. they either |
111 |
keep our secrets better than our neighbours do, |
112 |
or, when they leak it, they do so for a good cause |
113 |
and become ``heros''. |
114 |
|
115 |
i personally trust NSA much better than my trust |
116 |
to my neighbours (no comparision). nothing personal |
117 |
against my neighbours, decent people, but they are |
118 |
less educated than NSA's staff. |
119 |
|
120 |
it's just a matter of honesty to state that media's |
121 |
stance against NSA is unfair imo. even though this |
122 |
statement will probably harm the reputation of |
123 |
nsapass as i'm its dev and i'm flirting NSA (not |
124 |
that it matters though). |