TW5: Has anyone created something to replace KeePass2?
194 views
Skip to first unread message
Lyall
Jan 12, 2014, 6:03:43 AM1/12/14
to tiddl...@googlegroups.com
I am re-visiting TW5 and am keen to see if I can discard KeePass2.
Has anyone created a TW5 that is aimed at credential storage?
I have been fiddling with fields, dictionaries, etc and I think that a Tiddler for each host/user/password tagged with 'Credentials' then some sort of 'Display' tiddler that allows me to display this information in a more readable format than the default dictionary display.
Alternatively, is there a way to make dictionaries display as they show in the editor, not as a single line of text?
Also, I would like to create a 'template' which I fill in the fields and can click a 'button' which I will place in the sidebar, which opens a new tiddler with all the tiddler type set appropriately, and the 'left side:' components already in place, waiting for me to key in the data bits.
I am thinking something like the following as a sample 'Credential' tiddler
Obviously, not all of these fields are relevant to all hosts, but for my usage, this is the sort of thing I want to keep.
Anyway, TW5 seems to be really cool and I am enjoying fiddling with it.
...Lyall
Has anyone created a TW5 that is aimed at credential storage?
I have been fiddling with fields, dictionaries, etc and I think that a Tiddler for each host/user/password tagged with 'Credentials' then some sort of 'Display' tiddler that allows me to display this information in a more readable format than the default dictionary display.
Alternatively, is there a way to make dictionaries display as they show in the editor, not as a single line of text?
Also, I would like to create a 'template' which I fill in the fields and can click a 'button' which I will place in the sidebar, which opens a new tiddler with all the tiddler type set appropriately, and the 'left side:' components already in place, waiting for me to key in the data bits.
I am thinking something like the following as a sample 'Credential' tiddler
Domain: domainname
Host: hostname
Workgroup: workgroup
User: username
Password: password
External DNS: example.com
Internal DNS: example.com
External IP: xxx.xxx.xxx.xxx
Internal IP: xxx.xxx.xxx.xxx
RDP: rdp://hostname:3389
SSH: ssh://hostname:22
Notes: blah blah blah
Obviously, not all of these fields are relevant to all hosts, but for my usage, this is the sort of thing I want to keep.
Anyway, TW5 seems to be really cool and I am enjoying fiddling with it.
...Lyall
Jeremy Ruston
Jan 12, 2014, 7:06:21 AM1/12/14
to TiddlyWiki
Alternatively, is there a way to make dictionaries display as they show in the editor, not as a single line of text?
I've committed a change for 5.0.7 so that data dictionaries are displayed in plain text:
Best wishes
Jeremy
Also, I would like to create a 'template' which I fill in the fields and can click a 'button' which I will place in the sidebar, which opens a new tiddler with all the tiddler type set appropriately, and the 'left side:' components already in place, waiting for me to key in the data bits.
I am thinking something like the following as a sample 'Credential' tiddler
Host: hostname
Workgroup: workgroup
User: username
Password: password
External DNS: example.com
Internal DNS: example.com
External IP: xxx.xxx.xxx.xxx
Internal IP: xxx.xxx.xxx.xxx
RDP: rdp://hostname:3389
SSH: ssh://hostname:22
Notes: blah blah blah
Obviously, not all of these fields are relevant to all hosts, but for my usage, this is the sort of thing I want to keep.
Anyway, TW5 seems to be really cool and I am enjoying fiddling with it.
...Lyall
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
For more options, visit https://groups.google.com/groups/opt_out.
Jeremy Ruston
mailto:jeremy...@gmail.com
Stephan Hradek
Jan 12, 2014, 7:25:26 AM1/12/14
to tiddl...@googlegroups.com
Am Sonntag, 12. Januar 2014 12:03:43 UTC+1 schrieb Lyall:
Also, I would like to create a 'template' which I fill in the fields and can click a 'button' which I will place in the sidebar, which opens a new tiddler with all the tiddler type set appropriately, and the 'left side:' components already in place, waiting for me to key in the data bits.
PMario
Jan 12, 2014, 12:25:00 PM1/12/14
to tiddl...@googlegroups.com
On Sunday, January 12, 2014 12:03:43 PM UTC+1, Lyall wrote:
I am re-visiting TW5 and am keen to see if I can discard KeePass2.
Has anyone created a TW5 that is aimed at credential storage?
Hopefully not. IMO TW5 primary goal is to be a wiki. KeePass2's primary goal is to be a secure data store.
If you read the info page "Javascript Cryptography Considered Harmful" [1], there are some very strong arguments. One of them is browser caching ...
IMO an other one will be a "new TW5 feature" that will use browser local storage to prevent data loss. So your tiddler content in edit mode may be saved as plain text to the disk. ... @Jeremy did you think about this problem?
... Just carefully read the article [1] and then compare it with the Keypass2 info page about Security [2]. ... KP2 tries to do the best to remove sensitive plain text data from the computers memory, just in case the OS stores memory to the HD in plain text format. (Also visit the reference links)
just my 2€ents
-mario
[1] http://www.matasano.com/articles/javascript-cryptography/
[2] http://keepass.info/help/base/security.html
If you read the info page "Javascript Cryptography Considered Harmful" [1], there are some very strong arguments. One of them is browser caching ...
IMO an other one will be a "new TW5 feature" that will use browser local storage to prevent data loss. So your tiddler content in edit mode may be saved as plain text to the disk. ... @Jeremy did you think about this problem?
... Just carefully read the article [1] and then compare it with the Keypass2 info page about Security [2]. ... KP2 tries to do the best to remove sensitive plain text data from the computers memory, just in case the OS stores memory to the HD in plain text format. (Also visit the reference links)
just my 2€ents
-mario
[1] http://www.matasano.com/articles/javascript-cryptography/
[2] http://keepass.info/help/base/security.html
Jeremy Ruston
Jan 12, 2014, 2:44:00 PM1/12/14
to TiddlyWiki
IMO an other one will be a "new TW5 feature" that will use browser local storage to prevent data loss. So your tiddler content in edit mode may be saved as plain text to the disk. ... @Jeremy did you think about this problem?
Yes, absolutely, it is privacy concerns that make that a hard feature to add. It may well have to be an opt-in feature that users only enable for browsers they trust.
... Just carefully read the article [1] and then compare it with the Keypass2 info page about Security [2]. ... KP2 tries to do the best to remove sensitive plain text data from the computers memory, just in case the OS stores memory to the HD in plain text format. (Also visit the reference links)
I'm also familiar with the matasano article. The TW5 docs should probably make clearer the risks of using crypto in the browser.
Best wishes
Jeremy
just my 2€ents
-mario
[1] http://www.matasano.com/articles/javascript-cryptography/
[2] http://keepass.info/help/base/security.html
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
For more options, visit https://groups.google.com/groups/opt_out.
Lyall
Jan 13, 2014, 4:05:15 AM1/13/14
to tiddl...@googlegroups.com
To be quite honest, I find keepass2 clumsy, flakey (particularly on linux, probably more because of mono than because of the keepass2 code). I used to use TWc with my TiddlerEncryptionPlugin, the security is not perfect but the usablity of TW was the main driver. I am not trying to protect myself from a full blown NSA scrutiny, I am am happy with something that will keep 99.999% of the population at bay. So, I understand that some content may be written to disk, but if I am so concerned, I would be doing all sorts of other things to protect myself, like clear cache on exit, zero blocks on delete, etc. ...Lyall
Reply all
Reply to author
Forward
0 new messages