$Id: README.sgml.in 1228 2008-02-26 13:16:08Z rafi $
Table of Contents
Copyright© 2008 by Rafael Ostertag
YAPET is a curses based password encryption tool using the Blowfish encryption algorithm to store the password records encrypted on disk. Its primary aim is to provide a safe way to store passwords in a file on disk while having a small footprint, and compiling and running under today's most popular Unixes, such as Sun™ Solaris™, FreeBSD®, and Linux.
If you are looking for a fully fledged password encryption tool having a graphical user interface, I recommend you start with revelation (http://oss.codepoet.no/revelation). YAPET is text based and less feature rich in comparison to revelation.
Using several different Unixes, I wanted to have a single application running on all Unixes for storing my passwords in a secure manner. While revelation is running fine under FreeBSD® and Linux, it's a pain to get it run under Sun™ Solaris™ 10 (as you can see, the only tool I tried was revelation). It has many dependencies because it uses GNOME and PyGNOME. I didn't want to go thru the hassle of installing PyGNOME under Sun™ Solaris™, and decided to roll my own.
YAPET successful builds and runs on following platforms:
YAPET features
using Blowfish encryption (http://www.schneier.com/blowfish.html) with 448 bits key.
passwords are not kept clear text in memory.
doesn't depend on a graphical user interface and their "dependency hell". Provides a text based user interface.
is only dependent of two libraries: openssl (http://www.openssl.org) and curses or ncurses (http://www.gnu.org/software/ncurses/).
locks the terminal after ten minutes of inactivity.
YAPET uses a configure script for
configuring the build process. Refer to the
INSTALL file in the source tarball
yapet-0.2.tar.gz.
YAPET is kept simple. You should not find it difficult to use. The user interface has some quirks, though.
See the manual page yapet(1) after installing YAPET for a minimal usage guide.
Refer to the DESIGN file which comes
along with the source tarball, in order to get an idea of the
design of YAPET.
Although I took several precautions to avoid having any passwords stored clear text in memory, I was able to snoop up the master password in core files. This means for you, the user of YAPET, that it is possible, though not likely, for a malicious user to get hold of one or more passwords while YAPET is running. But remember, the passwords stored in the files created by YAPET are encrypted and not stored clear text. This is the best possible way of keeping them stored on a disk. The best overall method for keeping them, is to memorize them and not writing them down in any form.