Saturday, September 17, 2011

Introducing the Pasaffe password manager

For the past few years, I had been storing my passwords in an application called GPass. What I liked about it when I started using it at that time was its simplicity, and the fact that each entry in the database has a notes field that can be used for any additional information that the predetermined fields don't handle.

Unfortunately, it doesn't seem to be actively developed anymore, and has been dropped from the Debian and Ubuntu archives. What's more, I've never looked closely at how secure the database format is, and there is no way to open the database it creates on other devices, such as my phone.

I started looking for a replacement about six months ago, and I didn't like most of the ones I tried. Some of them used a cross-platform GUI toolkit which made the app cumbersome to use. Others were too complex, didn't have a place to store notes, or were no longer actively maintained.

Since I've been wanting to learn GTK programming for a long time, this presented itself as a great opportunity. I started by looking at the popular password database formats, and the one that stood out was the one used by PasswordSafe. It is well documented, well designed, and has implementations available on numerous platforms. I implemented a Python library to read and write the database format, and then proceeded to use the excellent Quickly tool to create the initial GTK user interface. Since I want my app to run on the latest LTS release, Lucid, I decided to stick with PyGTK for now instead of PyGObject. I plan on converting it to PyGObject for the next LTS release. After having developed it for a while, I feel it's in a good enough state to be used.

Introducing: Pasaffe!

You can find the upstream project page here.
You can install it from a PPA here.

If anyone wants to contribute to it, there's a list of currently unimplemented features and other things that need to be done in the TODO file.

5 comments:

Alexandre Franke said...

I wonder what these do that seahorse/gnome-keyring don't. Also, you should have a look at http://www.clipperz.com/ which has an interesting mechanism (zero knowledge).

mdeslaur said...

gnome-keyring isn't really idea to store a large number of manually entered passwords, and it doesn't support any of my criteria: database compatible with phone, notes field, etc.

Entering my passwords for storage into a web browser wouldn't be something I would be comfortable doing.

Bacho said...

hello!

do you try revelation? http://oss.codepoet.no/revelation/wiki/Home

mdeslaur said...

I did try Revelation. It was pretty nice, but it's been abandoned, and there were a few things that it didn't have that I wanted.

password manager said...

Speaking as PW: We’d like to throw our hat into the ring of being considered as one of the best. In fact, we are the only password management app that does not actually record your passwords. Can’t get much safer than that!