./security/gnu-pw-mgr, Password manager

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.7.4, Package name: gnu-pw-mgr-2.7.4, Maintainer: pkgsrc-users

GNU gnu-pw-mgr is a password manager designed to make it easy to
reconstruct difficult passwords when they are needed, while limiting
the risk of attack. The user of this program inputs a very long
initial password "seed" and a self-defined transformation of a web
site URL to obtain both the password and a user name hint for that
web site. The seed is stored in a hidden file. However, the passwords
and the URL transforms are never stored anywhere. You must remember
this transform (password id), or the password is lost forever.


Required to build:
[pkgtools/cwrappers]

Master sites: (Expand)

Filesize: 1578.26 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-03-08 13:39:33 by Ryo ONODERA | Files touched by this commit (2)
Log message:
gnu-pw-mgr: Update to 2.7.4

* Use pkgsrc libtool.
* Use MASTER_SITE_GNU as MASTER_SITES.

Changelog:
New in 2.7.4 - September 2020
New in 2.4 - August, 2018

disable the --use-pbkdf2 option and implement --rehash as replacement

* the default "rehash" count is printed with --status output
* security question answers can now be stable across password
  changes. Two answers are now printed: the deprecated version
  that changes with the rehash count, and the new version that
  is stable.

New in 2.2 - June, 2018

* Chase Bank has added the password restriction that no three characters
  may be in sequence. So look for that and fix it, if need be.

* Let people know when they last modified a password.
  Mark the day when the pbkdf2 count is modified.

* The confirmation value printed out is a hash based on the confirmation
  string and the current password. So, if the password changes, then
  so does the confirmation string. Not ideal. This change restricts
  the hashing source to just the password id and the confirmation
  string.

* Users may now specify a config file other than the default.

New in 2.0 - May, 2016

* A new option --shared to implement sharing passwords.
  This allows shared logins with secure passwords and still
  keeps all the other passwords very secret.  See the docs for
  the rationale and usage.
   2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)
Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-21 17:20:33 by Thomas Klausner | Files touched by this commit (2)
Log message:
Update to 1.5:

New in 1.5 - August, 2015

* PIN number passwords got broken somewhere along the line.
  Nobody much uses tham.  (A good thing.)
   2015-06-01 14:57:14 by Thomas Klausner | Files touched by this commit (4)
Log message:
Import gnu-pw-mgr-1.4 as security/gnu-pw-mgr.

GNU gnu-pw-mgr is a password manager designed to make it easy to
reconstruct difficult passwords when they are needed, while limiting
the risk of attack. The user of this program inputs a very long
initial password "seed" and a self-defined transformation of a web
site URL to obtain both the password and a user name hint for that
web site. The seed is stored in a hidden file. However, the passwords
and the URL transforms are never stored anywhere. You must remember
this transform (password id), or the password is lost forever.