What's the best way to store a passphrase?
I've recently enabled Ubuntu's encrypted /home/ directory features and I was asked to remember a passphrase in case I would need to recover the data manually.
What is the best way to store this passphrase without compromising security?
Write it down, on a bit of paper. Put that paper somewhere safe, like where you put your passports and important papers.
Encryption keys should be copied onto a USB stick and put into the same place.
I use Password Gorilla and PasswordSafe for everyday password storage and have the password to that in my brain (its complex, the only one I have to remember and used daily) and on a safe bit of paper (in case that fabled bus hits me).
Keepass
Excellent tool not just for passhrases, but for any login/password you have to store.
I personally use for all my passwords for all on line services I use.
Some of its features:
- Strong Security
- Multiple User Keys
- Portable and No Installation Required
- Export To TXT, HTML, XML and CSV Files
- Import From Many File Formats
- Easy Database Transfer
- Support of Password Groups
- Time Fields and Entry Attachments
- Auto-Type, Global Auto-Type Hot Key and Drag&Drop
- Intuitive and Secure Clipboard Handling
- Searching and Sorting
- Multi-Language Support
- Strong Random Password Generator
- Plugin Architecture
- Open Source!
Warning See update.
Keepass is actually a windows app, but you can run version 1.x without problems (at least for me) with Wine or versions 2.x with the newest version of mono.
or
you can use the linux native KeepassX
sudo apt-get install keepassx
Personally I prefer to use the original Keepass, since I can run it from my thumb drive on any system I have to use. But KeepassX is fine if you intend to use it only on your personal computer.
PS: You can install Mono, KeepassX and Wine from the Software Center if don't already have them.
UPDATE:
As of Ubuntu 11.04 (at least that's when I noticed), you can install Keepass 2 from the Software Center or
sudo apt-get install keepass2