| 1 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
| 2 |
On Saturday, August 1, 2020 5:49 PM, J. Roeleveld <joost@××××××××.org> wrote: |
| 3 |
|
| 4 |
> > > This is not a GUI |
| 5 |
> > |
| 6 |
> > xterm is GUI. you don't need to click on gtk/qt |
| 7 |
> > widgets to access details of password entries. |
| 8 |
> > gtk/qt is a massive overkill. |
| 9 |
> |
| 10 |
> Please check the meaning of " GUI " and try to answer my statement again. |
| 11 |
|
| 12 |
xterm/urxvt is a gui. it can render images too. |
| 13 |
e.g. seen ranger? |
| 14 |
|
| 15 |
but nitpick aside, i know what you want. you want |
| 16 |
an app that uses gtk or qt libraries, so that you |
| 17 |
get some buttons to click on with your mouse, and |
| 18 |
menus and scrollbars to drag around — but why |
| 19 |
would you seek to do this to yourself? very |
| 20 |
sadistic. |
| 21 |
|
| 22 |
if you check the latest version in this dev branch |
| 23 |
(wip, code will improve next month): |
| 24 |
|
| 25 |
https://github.com/Al-Caveman/nsapass/tree/space-cephalopod |
| 26 |
|
| 27 |
you'll find a neat interactive feature and a |
| 28 |
search feature that allows you to, say, retrieve |
| 29 |
passwords really fast. e.g. `nsapass get c p` |
| 30 |
would equate `nsapass get caveman protonmail` (if |
| 31 |
c p makes it unique). |
| 32 |
|
| 33 |
> > > This makes portability a problem. Exactly why keepass (and clones) are |
| 34 |
> > > used more. |
| 35 |
> > |
| 36 |
> > compatibility with keepassxc is extremely |
| 37 |
> > overrated. it's easy to port nsapass to |
| 38 |
> > windows/apple (may even work out of the box, |
| 39 |
> > didn't try). |
| 40 |
> |
| 41 |
> Compatibility with "keepass" (keepassxc is already a different tool/clone) is |
| 42 |
> important and makes it simpler to use the same database on different |
| 43 |
> environments. |
| 44 |
> You might be happy with a simplistic database that only stores a few |
| 45 |
> passwords. I tend to deal with passwords that are shared within teams because |
| 46 |
> the hardware involved only supports a single account. This makes tools like |
| 47 |
> keepass important. |
| 48 |
|
| 49 |
curious, any standardized or special hardware that |
| 50 |
works with keepass? e.g. some kind of dual factor |
| 51 |
authentication? or maybe USB sticks that give you |
| 52 |
some physical button to, mechanically, select if |
| 53 |
the passwords inside should be read? anything |
| 54 |
else interesting? |
| 55 |
|
| 56 |
about `few passwords'. i'm also curious why do |
| 57 |
you think so? e.g. here is a quick test with an |
| 58 |
outrageously unrealistic test of 1 million key |
| 59 |
entries in nsapass: |
| 60 |
|
| 61 |
- 3.9 seconds for scrypt to decrypt the file. |
| 62 |
for a good reason that makes it more secure |
| 63 |
than keepass's aes 256-bit enc. |
| 64 |
|
| 65 |
- 2.6 seconds for python's json to parse the |
| 66 |
file (parsing 1 mil entries). |
| 67 |
|
| 68 |
- everything else was instantaneous after that |
| 69 |
(just a dictionary lookup). |
| 70 |
|
| 71 |
about your team, not sure about your point. you |
| 72 |
said that nsapass is simplistic. so i guess this |
| 73 |
means that keepass offers you something more? or |
| 74 |
is it just that you have more people already using |
| 75 |
it and too lazy to migrate? |
| 76 |
|
| 77 |
> > > Nice, a full detailed list of every single change to your passwords :) |
| 78 |
> > |
| 79 |
> > no. how do you backup your passwords file? |
| 80 |
> > dropbox? flash disk? it's up to you. this is |
| 81 |
> > unrelated to the passwords manager. |
| 82 |
> |
| 83 |
> Actually, the more copies with changes to your passwords there are, the easier |
| 84 |
> it will be to guess your passwords. |
| 85 |
|
| 86 |
i never denied this. nothing in nsapass that |
| 87 |
makes you copy passwords with changes. i don't |
| 88 |
know where you got this. |
| 89 |
|
| 90 |
i personally use git to copy my passwords database |
| 91 |
around, but this -obviously- has nothing to do |
| 92 |
with nsapass. |
| 93 |
|
| 94 |
> > > The likes of NSA don't actually care about your (dis)approval. |
| 95 |
> > |
| 96 |
> > no one does. not unique to nsa. people |
| 97 |
> > exaggerate nsa as if they are any better. |
| 98 |
> > tbh, nsa is even better than most of our |
| 99 |
> > neighbours. if our phones fall in the hands of |
| 100 |
> > our neighbours, next day most people will find |
| 101 |
> > themselves in pornhub. but nsa can get it all, |
| 102 |
> > and yet they still didn't leak it to pornhub (at |
| 103 |
> > least not as much). |
| 104 |
> |
| 105 |
> No, they leak it to the press and wikileaks. |
| 106 |
|
| 107 |
leakers like snowden? doesn't media call them |
| 108 |
``heros''? |
| 109 |
|
| 110 |
see, NSA is made of decent people. they either |
| 111 |
keep our secrets better than our neighbours do, |
| 112 |
or, when they leak it, they do so for a good cause |
| 113 |
and become ``heros''. |
| 114 |
|
| 115 |
i personally trust NSA much better than my trust |
| 116 |
to my neighbours (no comparision). nothing personal |
| 117 |
against my neighbours, decent people, but they are |
| 118 |
less educated than NSA's staff. |
| 119 |
|
| 120 |
it's just a matter of honesty to state that media's |
| 121 |
stance against NSA is unfair imo. even though this |
| 122 |
statement will probably harm the reputation of |
| 123 |
nsapass as i'm its dev and i'm flirting NSA (not |
| 124 |
that it matters though). |
Archives