Password Gorilla A cross-platform Password Manager Now Available for Microsoft Windows, Mac OS X, Linux, Solaris, *BSD, etc. Free, Open Source Software! Version 1.4 Table of Contents Introduction Background Download and Installation Screenshot Using Password Gorilla Revision History License Information Credits

Introduction

Too many passwords to remember?
Do you forget passwords?
Do you re-use passwords?
Do you keep passwords written down?

Many internet services require you to "log in." You choose a user name and a password, in combination called a "login," that authenticate you to the service.

Over time, managing a plethora of logins becomes near impossible. Few people can remember more than a handful of passwords. This inevitably leads to either a proverbial yellow sticker on your desk, with all the passwords written down, or to the reuse of the same few passwords over and over again. Neither approach is very secure. In the first case, a co-worker could spy on your passwords, in the second, if an attacker manages to guess or intercept your passwords, many of the services you use can be accessed.

Adding to the confusion is the multitude of password policies that different services enforce. E.g., some services require passwords to contain mixed case and non-alphabetic characters, or to be shorter or longer than a certain number of characters. Other services require you to change passwords every month, quarter, or year.

The Password Gorilla Can Help!

The Password Gorilla helps you manage your logins. It stores all your user names and passwords, along with login information and other notes, in a securely encrypted file. A single "master password" is used to protect the file. This way, you only need to remember the single master password, instead of the many logins that you use.

If you want to log in to a service or Web site, the Password Gorilla copies your user name and password to the clipboard, so that you can easily paste it into your Web browser or other application. Because the password does not appear on the screen, Password Gorilla is safe to use in the presence of others.

The convenience of Password Gorilla allows you to choose different, non-intuitive passwords for each service. An integrated random password generator can provide one-time passwords, tunable to various services' policies.

Why "Gorilla"?

Password Gorilla is named for the cartoon gorilla that is doorman of the Ink and Paint Club in the movie Who Framed Roger Rabbit?. The gorilla lets the movie's hero, Eddie Valiant, pass only after uttering the right password: "Walt sent me."

Background

The "Twofish" encryption algorithm is used to secure your password database. It is not possible to break into a password database without knowing the master password.

Password Gorilla is designed to be compatible with the Password Safe program, which was originally developed by Counterpane Labs, and is now maintained as an Open Source project at Sourceforge. All credit for the idea and the technology behind Password Gorilla belong to the authors and maintainers of Password Safe.

While Password Safe is an excellent piece of free software, it is only available for the Microsoft Windows platform. Password Gorilla is compatible with most major operating systems, including Apple Macintosh OS X and diverse flavors of Unix. If you work with more than just Windows, Password Gorilla allows you to access your password database anywhere.

No matter which operating system, Password Gorilla offers a few stand-out features, such as the merging of password databases. This is particularly useful if you have multiple copies of your database (e.g., at home and at work). Occasionally, you can then merge the two databases, collecting the updates you made on either end.

Also, Password Gorilla is an independent alternative to Password Safe. In the unlikely event that development of Password Safe is ever discontinued, you will still be able to use Password Gorilla to access your password database files.

Download and Installation

Password Gorilla is platform-independent software, and runs on most operating systems, including Microsoft Windows, Apple Mac OS, and many flavors of Unix. Password Gorilla has been tested on Windows, Linux and Solaris.

There are multiple download options, depending on your operating system and preference. There is a pre-built executable for Microsoft Windows, a ready-to-run Starkit, or Password Gorilla's source code.

Download Options

Windows

Download Password Gorilla as an executable program (1.5 MB). (Right-click on the link, and select "Save As".) No installation is necessary: just copy this executable to a location of your choice (e.g., your desktop), and start Password Gorilla by double-clicking its icon. Runs under Microsoft Windows 95, 98, ME, NT, 2000 and XP.

You can, e.g., copy the Password Gorilla executable to a memory stick, along with your password database, to have your passwords available wherever you go.

Mac OS X

Download Password Gorilla as an application package for Mac OS X. This version is based on the Universal binary for PPC and Intel MACs (Tcl/Tk 8.4.14).

The OS X version was contributed by Marcel Scherello. Please contact Marcel directly if you have questions about the Mac OS X version. See also his change log.

Linux, Solaris, *BSD

Download Password Gorilla as a platform-independent, ready-to-run Starkit (239 kB).

To run the Password Gorilla Starkit, you need a Tclkit for your platform. Tclkits exist for many operating system, including Windows, Mac OS X, Linux, FreeBSD and others. (Mac OS X note: you need the Wishkit, not the Tclkit.) Follow the link to the "Download" section in the right-hand menu, and then to the "download area." Use any "8.4" version.

Don't forget to assign execute permission to the tclkit after downloading, i.e., chmod +x tclkit

After following the installation instructions for tclkit, you should be able to run Password Gorilla by typing

tclkit gorilla-1.4.kit

at the console. If desired, rename the ".kit" file as "gorilla", assign execute permission (i.e., chmod +x gorilla), and move both tclkit and "gorilla" to a directory in your "$PATH". After that exercise, Password Gorilla can be started by typing gorilla at a console.

Note: default builds of tclkit come without support for internationalization, but only with support for the ASCII and ISO-8859-1 character sets. To use Password Gorilla with other character sets, use the source code below.

Source Code

Using the source code, you can make Password Gorilla work on almost any operating system. Download the Password Gorilla source code either as a ZIP archive, gorilla-1.4.zip (166 kB), or as a .tar.gz archive, gorilla-1.4.tar.gz (166 kB).

In order to run the Password Gorilla sourcecode, you need to download and install Tcl/Tk (at least Tcl/Tk 8.4 is required, follow the links in the "Latest Releases" box in the upper left corner), as well as the [incr Tcl] and BWidget add-on packages.

ActiveState offers free downloads of its ActiveTcl product for several operating systems. ActiveTcl includes all packages that Password Gorilla requires.

After installing Tcl/Tk, Unix users can run

./configure

to configure Password Gorilla with your installed version of Tcl/Tk. Password Gorilla can then be started by running "gorilla". If desired, create a symbolic link to "gorilla" in one of the directories that are in your search PATH.

Windows Mobile / PocketPC / Windows CE

Not supported yet. Porting Password Gorilla to PDAs is possible, and the remaining work that needs to be done is mostly testing and tweaking. Contact the author if you are interested in porting Password Gorilla to these platforms (if you have Tcl/Tk experience), or if you would like to sponsor a port. Those with an appetite for adventure can find hints at http://mini.net/tcl/2946 and http://sourceforge.net/projects/tcltkce.

Screenshot

Using Password Gorilla

Please refer to the Help File.

Revision History

This section details changes between versions of Password Gorilla. Each subsection lists the changes, updates and fixes from its predecessor. The latest version is listed first.

Version 1.4

Released July 3, 2006.

• Add support for Password Safe 3 file format.
• Add "Find".
• Hide main window when coming up and asking to open a file.
• Bugfix: fixed alphabetical ordering of entries in nested subgroups.
• Improved seed for initializing the pseudo-random number generator.
• Bring Password Gorilla window to the foreground after unlocking.
• Allow closing a locked database using the "X" button.
• Bugfix: fix handling of a database file name on the command line. (Reported by Rudolf Mühlbauer.)

Version 1.3

Released January 12, 2006.

• Bugfix: fix compatibility with Password Safe 2.14 and later. (Fixes "V1 name field looks suspect" error.)
• Bugfix: disable the menu when locked (in idle timeout), which on the Mac is not affected by a grab for all events by the unlock dialog.

Version 1.2

Released June 26, 2005.

• Added idle timeout (see Manage->Database Preferences).
• Added auto-save.
• Revised the exit dialog, if the database was modified. Instead of asking whether to discard changes, it now asks whether to save the modified database before exiting.
• Show percentage indicator when loading or saving a database.
• Added --rc <name> command-line option to use this configuration file instead of ~/.gorillarc or the Registry.
• Bugfix: allow "\t" as a field separator for exporting.
• Bugfix: get confirmation when opening a new database, and the current one is modified.
• Bugfix: on Windows, show the Windows (native) path name of the database, i.e., using backslashes instead of slashes.

Version 1.1

Released April 23, 2005.

• Added "Export" feature (in the "File" menu) to export the database to a plain-text file (e.g., for backup purposes).
• Added "Backup database on save" preference. If enabled, a backup copy will be created with the ".bak" extension.
• Consider password database changed if the master password has changed -- and thus enable the "Save" menu item.
• Bugfix when using non-Latin character sets.
• For the Windows executable, add codeset pages for non-Latin input.
• Added "-norc" command-line option. If used, default preferences are used, and no preferences will be loaded or written to a preferences file (Unix, Mac OS X) or the registry (Windows). The option can also be made part of the executable name, e.g., "gorilla-norc.exe".

Version 1.0

Released January 15, 2005.

• Added Password Gorilla artwork; contributed by Andrew J. Sniezek.
• Enabled mouse wheel on Windows.
• Unicode support: Encode all strings using UTF-8, so that a database file may be moved between locales. If enabled, non-ASCII characters may not show up correctly when loading the database into Password Safe. If disabled, non-ASCII characters may not show up correctly when opening the database in a different locale.
• Added dialog for database-specific preferences. So far, the only configurable preference is "Unicode support".
• Merging a database now prompts whether the user wants to see a detailed report of the merged logins (conflicts, added logins, identical logins).
• Bug fix: "Edit->Copy Password" now indeed copies the password to the clipboard, instead of the user name.
• Effect the "Remember sizes of dialog boxes" only if the version number has not changed, as the size of dialog boxes may change between versions.

Version 1.0b1

Released December 17, 2004.

• Added Credits section to "Help->About" dialog.
• Fix problem on Windows, when the Page Up and Page Down keys would scroll by two pages, when viewing the Help or License files.
• Assign and update "Created", "Last Modified" and "Password Last Changed" timestamps; the latter two are shown in the Entry dialog.
• In the tree view, arrange all groups before the entries.
• Add "File->Preferences" dialog to configure, for now, the size of the last recently used databases list, a delay for clearing the clipboard, what action to take when double-clicking an entry, and whether to save information about dialog box sizes.
• Provide some useful information in the bottom "status" line. Clear the status line after 5 seconds, so that potentially sensible information like "Password copied to clipboard" does not show forever.
• Added option to clear the clipboard after a configurable amount of time (see Preferences above), so that passwords don't remain in the clipboard forever.
• Implemented Merge functionality, to merge entries from a second database into the currently-open database. Duplicate entries are ignored, if they are identical. Otherwise, they will show up with the timestamp of their last modification.
• On the Macintosh, use the ~/Library/Preferences/gorilla.rc file to store preferences.
• Rename entry to login.

Version 1.0a2

Released December 6, 2004.

• Repackaged as Starkit and Starpack, to offer a binary download on Windows.

Version 1.0a1

Released December 5, 2004.

Initial public release.

License Information

Password Gorilla is free, Open Sorce software, released under the GNU General Public License (GPL).

Password Gorilla does not need to be registered, does not contain any adware or spyware, does not contain any back doors, and does not send any information over the internet or otherwise. The GPL preserves your freedom to inspect the software, and to validate that these statements are true.

There is no warranty or support for Password Gorilla.

Platform maintainers wanted: Please contact the author if you are interested in maintaining a Password Gorilla "port" for a specific operating system, or distribution. This involves validating Password Gorilla's behavior on that operating system, contributing installation instructions, and possibly writing operating system-specific source code to improve Password Gorilla, if necessary.

Credits

The gorilla artwork was contributed by Andrew J. Sniezek.

The original Password Safe inspired the creation of Password Gorilla. Its authors and maintainers deserve credit for the database and encryption technologies that this software uses.

Password Gorilla could not exist without the excellent Open Source tools that it depends on:

• The Tcl/Tk language, and the [incr Tcl] and BWidget add-on packages.

• Contains code for the SHA1 and SHA256 hashing algorithms that was lifted from the tcllib package.

• The blowfish package is derived from Paul Kocher's reference implementation.

• Contains an implementation of the ISAAC random number generator, derived from Bob Jenkins' reference implementation.

• The Windows executable, and the ready-to-run package for other systems, were made possible by the Starkit technology.