Version 4 of Password Gorilla

Updated 2005-01-08 11:43:40 by MS

Password Gorilla [L1] is a password manager. It manages your login information (sets of a title, user name, password, and notes) and stores it in an encrypted database. A master password protects the file.

Written in pure Tcl, it runs portably on all platforms that Tcl supports. (More beta testers are needed to validate that statement, especially on the Macintosh.)

Password Gorilla is file-compatible with Password Safe [L2], originally developed by Counterpane Labs [L3], the company of Bruce Schneier, of Applied Cryptography fame. So there is some credibility to the security of the database file. Password Safe is available only for Microsoft Windows.

The database file is encrypted using the Blowfish algorithm, and should resist cryptanalytic attack. The weakness is the master password, which must be complex enough to resist dictionary attacks.

Password Gorilla could not exist without the excellent packages that it depends on:

  • Tcl/Tk - goes without saying.
  • incr Tcl - for some internally-used objects. Can also use tcl++ instead.
  • BWidget - provides some useful widgets.
  • Starkit - a one-file download option; also as Starpack for Windows.
  • Blowfish in Tcl - used for encryption and decryption.
  • ISAAC - used as a random number generator, to generate one-time passwords and to provide seeds and initialization vectors for Blowfish.
  • sha1 - the Password Safe database format requires the use of a modified SHA1 algorithm, so its code was lifted from tcllib.

Written by Frank Pilhofer.

