Gorilla Password Manager
August 21, 2005
A friend recently had his laptop stolen from his apartment. Correctly, his biggest concern wasn't coming up with the money to buy a replacement computer, but rather what might happen if important personal and financial information stored on the laptop fell into the wrong hands. (Lucky for him, no one seems to have run up his credit cards or cleaned out his bank accounts --yet.)
One important step that almost every user of a computer should take is to store sensitive login information (login id's and passwords) in an encrypted file using a "password manager." When you login to an e-commerce site, for example, you call up the password manager, ask it to open your encrypted password database, then enter your master password, after which you have access to your private information. One major advantage of a password manager is that you can use strong passwords, which are much harder to crack --and remember-- than your birthday, pet's name, or favorite sports team. You can also use your password manager to store bank and credit-card PINs, lock combinations, and credit-card numbers (in case you have to report them stolen).
I've been using --and liking-- Oubliette, a free (Mozilla Public License) password manager that organizes and encrypts login id's and passwords in a single file. The only drawback I can see to Oubliette is that it only runs on Windows. Now that I am using more GNU/Linux machines than Windows machines, I've decided to switch to a password manager that I can use with both GNU/Linux and Windows.
So far, so good. The look and feel of Gorilla is not as nice as Oubliette, but I like being able store a Gorilla-encrypted login id and password data base on a USB flash drive and use it on either GNU/Linux or Windows machines. I haven't tried it, but the Gorilla home page says that you can copy the Windows executable file onto a USB drive (1.5 megabytes) and then run Gorilla from any Windows machine.
The only really annoying thing about Gorilla is that I had to hand enter all of my login ids and passwords from a text version of my original Oubliette data base. I would have preferred to import the data directly from the text file.
One installation suggestion for GNU/Linux. Under GNU/Linux you actually run Gorilla in a self-contained scripting program called tclkit, which you'll need to install first (installation is easy, just follow the instructions on the Gorilla page or at tclkit). The Gorilla home page then suggests the following:
After following the installation instructions for tclkit, you should be able to run Password Gorilla by typing:
at the console. If desired, rename the ".kit" file as "gorilla", assign execute permission (i.e., chmod +x gorilla), and move both tclkit and "gorilla" to a directory in your "$PATH". After that exercise, Password Gorilla can be started by typing gorilla at a console.
This procedure works fine, but I found it easier to create a tiny shell script, which I called "gorilla", marked as "executable" (chmod a+x gorilla"), and copied into my /usr/local/bin directory:
In the example above, I've copied both the tclkit and gorilla-1.2.kit files into the /software/gorilla subdirectory of my home directory. I can now run Gorilla from the command line in a terminal, or from a launcher I created on my desktop. Let me know if you have any better ideas.