The first edition of Cobbler ("Mono") is now available. Cobbler looks just like a standard text editor, but it safely stores sensitive notes in a tiny fixed-size encrypted and authenticated container. Examples of sensitive information include personal passwords, pincodes, private keys, secret formulas, etc. There is NO browser integration and very few bells and whistles, as the focus is on the essentials: bank-grade encryption (AES_128_CBC) low attack surface (lean codebase, industry-standard algorithms) tamper detection (HMAC_SHA) freeform content no metadata disclosure high bruteforce resistance no plaintext temporary files I wrote Cobbler as I did not feel comfortable with either existing secure note desktop applications, or overly complex password managers Several different editions of Cobbler will be available in a later stage. More details will follow. Feel free to give it a try. Feedback welcome! https://www.trustprobe.com/fs1/apps.html Standard disclaimer: Use at your own risk and keep backups.
Interesting tool, so it's meant to be mostly a password manager? And can you also copy username and passwords to the clipboard automatically?
For me it wasn't clear where the file was stored, but "i could find it" after some searching. It's stored in the Profile-directory c:\users\user\COBSTORE.DAT Can the full path be displayed ín a future version? Btw.: the "Choose Master Password"-dialog of Cobbler looks like this: After entering the password, the user doesn't have to confirm the previously entered password. Maybe it's better to add a confirmation dialog, so it has to entered again.
It's a little closer to the encrypted flat text file paradigm than featureful password managers. Both approaches have their pros and cons - It's the classic tradeoff between security and convenience. So no, Cobbler will not send credentials to the clipboard automatically, although I'm working on ways of improving the process without sacrificing security.
Clicking the Locate Data File button on the main window should help find it. Also you can use the CTRL-T keyboard shortcut to view the master password when configuring it. That said the GUI is still evolving quite a bit, so things may change in later versions.
Version 1,0,009,154 has been posted. Changes: - minor UI enhancements - HMAC verification made transparent
It is not documented yet, but the file location can be specified as a command-line parameter, as follows: Code: cobbler.exe d:\example\data.dat
Good, there is now a distinction between the master password dialog for "new container files" (blue) and opening of an existing file. New Container: Existing Container: And for opening of container files, the password dialog is now displayed again after entering the wrong password This was not the case with the previous version. Good to know
How about detecting the text fields in a browser automatically and filling them in? Or is that too much work?
By design this type of functionality will not be included, as it adds too much attack surface and has proven to be a security minefield (see LastPass critical vulnerabilities last year).
If you need that level of convenience, I think Keepass or Bruce Schneier's Password Safe would be a better fit. For security reasons, I prefer to keep Cobbler's codebase as small as possible, making future code audits much easier - and cheaper. Just to give you an idea, Cobbler Mono (the vanilla edition) has less than 900 lines of code, compared to about 90,000 in Keepass. However I do plan to implement a few more simple shortcuts to speed up common tasks a little.
I feel the same way. The cloud may be trending, but it doesn't mean we have to trust it with your passwords. Giving it a test drive. keep it stupid simple
Review by Martin Brinkmann @ ghacks... http://www.ghacks.net/2017/02/13/cobbler-simple-local-password-manager/
Good review, except calling Cobbler a "password manager" is probably not the best description. It's primarily a desktop-based secure notes application, with a focus on strong security and data integrity. One use case among others is to store website passwords in it (which I personally do, as explained earlier), but it does not have all the features found in typical password managers - nor is it intended to.
New version: 1.009 (build 193) SHA1: 4b8a9d27fee69a16f357c10847b2b6bd732f2ced Changelog: New: Command-line support for arbitrary keyfiles: cobbler.exe /K [keyfile path] New: CTRL-1, CTRL-2, CTRL-3 keyboard shortcuts to quickly copy fields from the current line to the clipboard (Fields must be either comma or whitespace separated. Useful when using Cobbler as a password vault.) Changed: Custom data file path should now be specified as follows: cobbler.exe /F [data file path]
I started toying around with Cobbler a few days ago and I am honestly a little saddened by this change, as the following now doesn't work anymore: Although I understand the necessity of adding argument switches, it would be nice if te previous file-path argument could somehow stay. When opening a file in Windows, its file-path gets passed to the program as argument. This mechanic allowed the user to drag a .dat file onto cobbler.exe to open in instantly. Or even better, the user could register cobbler.exe as default program to open .dat files (or any extension, really).
@Spectre208 I also find that annoying. I will look into adapting the parsing logic, so that if there is only one argument (a file path), it acts as previously.
New version: 1.009 - build 198 SHA1: b365ce6cb573f3c546446d89687826984959a37c Changelog: Changed: Made "/F" optional in case only one command-line argument is passed. New: Ctrl+G at the New Container prompt generates a strong random passphrase that is both high entropy and reasonably easy to remember. It is generally a much safer option than choosing your own password. New: application icon (might still change soon, though.)
New version: 1.009 - build 201 SHA1: 230411769705591eeca5938e64789c4df49f0bc9 SHA256: 0732fb9e0f7cd9979b7df5ff20d50dea2d238008826b095a4d4e7704c4920d0e Changelog: Added quick help screen. (Press F1 to show or hide it) Minor optimizations.
