Password Gorilla

Password Gorilla is a password manager. It manages your login information (sets of a title, user name, password, and notes) and stores it in an encrypted database. A master password protects the file.

Written in pure Tcl, it runs portably on all platforms that Tcl supports. (More beta testers needed, to validate that statement. Especially on the Macintosh.)

Password Gorilla is file compatible with Password Safe, originally developed by Counterpane Labs, Bruce Schneier's company, of Applied Cryptography fame. So there is some credibility to the security of the database file. Password Safe is available only for Microsoft Windows.

The database file is encrypted using the Twofish algorithm, and should resist cryptanalytic attack. The weakness is the master password, which must be complex enough to resist dictionary attacks.

Password Gorilla could not exist without the excellent packages that it depends on:

  • Tcl/Tk - goes without mention.
  • incr Tcl - for some internally-used objects. Can also use tcl++ instead.
  • BWidget - provides some useful widgets. (replaced by Ttk widgets in version 1.5.x)
  • Starkit - a one-file download option; also as Starpack for Windows.
  • Twofish in Tcl - used for encryption and decryption when using the Password Safe 3 file format.
  • Blowfish in Tcl - used for encryption and decryption when using the legacy Password Safe 1/2 file format.
  • ISAAC - used as a random number generator, to generate one-time passwords, and to provide seeds and initialization vectors for Blowfish.
  • sha2 - the Password Safe 3 database format uses SHA256 for key stretching and file integrity checking.
  • sha1 - the Password Safe 1/2 database format requires the use of a modified SHA1 algorithm, so its code was lifted from tcllib.
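
The master-password weakness and the SHA256 key stretching mentioned above can be made concrete with a small header audit; this is an added example, not code from Password Gorilla or Password Safe. The field layout (tag, 32-byte salt, little-endian iteration count, hash of the stretched key) and the 2048-iteration minimum are taken from the published Password Safe V3 format description rather than from this page, and the header here is constructed sample data with no records.

```python
import hashlib
import hmac
import os
import struct

TAG = b"PWS3"
MIN_ITER = 2048  # minimum per the V3 format description (assumption, not from this page)

def stretch_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """P' = SHA-256(passphrase || salt), then hashed `iterations` more times."""
    digest = hashlib.sha256(passphrase + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest

def build_header(passphrase: bytes, iterations: int, salt: bytes = None) -> bytes:
    """Constructed sample: TAG | SALT(32) | ITER(4, LE) | H(P')(32), no records."""
    salt = salt if salt is not None else os.urandom(32)
    stretched = stretch_key(passphrase, salt, iterations)
    return TAG + salt + struct.pack("<I", iterations) + hashlib.sha256(stretched).digest()

def parse_header(blob: bytes):
    """Split the leading 72 bytes into (salt, iterations, stored H(P'))."""
    if len(blob) < 72 or blob[:4] != TAG:
        raise ValueError("not a Password Safe 3 header")
    (iterations,) = struct.unpack("<I", blob[36:40])
    return blob[4:36], iterations, blob[40:72]

def audit_header(blob: bytes) -> dict:
    """Report the stretching parameters that set the cost of each password guess."""
    salt, iterations, _ = parse_header(blob)
    return {
        "iterations": iterations,
        "hashes_per_guess": iterations + 2,  # first hash + ITER rounds + H(P')
        "below_minimum": iterations < MIN_ITER,
        "salt_all_zero": salt == bytes(32),
    }

def passphrase_matches(blob: bytes, passphrase: bytes) -> bool:
    """Recompute H(P') and compare in constant time, as an opener would."""
    salt, iterations, stored = parse_header(blob)
    candidate = hashlib.sha256(stretch_key(passphrase, salt, iterations)).digest()
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    header = build_header(b"correct horse battery staple", 2048)
    print(audit_header(header))
    print(passphrase_matches(header, b"correct horse battery staple"))
```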

Written by Frank Pilhofer.

RLH This is a nice program. I use it on Windows and my Mac.

VPT I agree, I use it with Dropbox to keep my passwords coordinated across Linux, Mac and Windows. Pity there isn't an iPhone version.

RLH I wonder if the BWidget and iTcl requirements could be removed in favor of TclOO and Ttk that Tcl itself provides?

The latest Password Gorilla has already removed the BWidget requirement and substituted Ttk. Removal of iTcl will be trickier due to it having been deeply utilized in the low level core by the original author.

RLH Cool. :-)

Old homepage: