Cobbler is a local password manager for the Windows operating system that stores passwords and other data in encrypted databases.
When it comes to password managers, users have plenty of options. Most web browsers come with options to store passwords for instance. Then there are browse extensions, cloud-based password managers which usually provide access to add-ons, and local password managers with and without cloud saving options and browser integration.
Cobbler is a simple -- in regards to functionality -- password manager for Windows that tries to keep as low of an attack surface as possible.
While that is beneficial for security, it means that comfort features like browser integration or cloud storage are not supported by the application.
Cobbler is provided as a single executable file that you can run from any location. You are prompted to enter a master password on first run that will be used to secure the password database.
While there are no options right now to change the database using the UI, you may use the undocumented startup parameter cobbler.exe d:\example\data.dat to place it anywhere you like.
The interface itself resembles a text editor, as form fields are not used at all in the current version. You write the URL, login and password, and any other information you like anywhere you want.
This gives you a lot of flexibility, but requires that you use a system for that as you may run into overview issues later on otherwise.
Cobbler ships with search functionality that you can use once the password database has been loaded. Simply type some characters to have the program highlight all matching entries for you.
The only other option that you have currently is to disable editing. This sets the information to read only and prevents any editing of information.
Locate data file on the other hand opens the location the currently loaded password database is stored in (which is in the root users directory of the account, e.g. C:\Users\Martin\COBSTORE5.DAT). Cobbler remembers the database file of the last session automatically.
What about security?
Cobbler uses the ciphersuite is AES_128_CBC_SHA. The author states that it does not use plaintext temporary files or discloses metadata, and that it has a low attack surface because it runs locally only and without integration in browsers or other programs.
So, no Internet required at all to use the program, and no connections either.
The source code is kept lean according to the author, as Cobbler's current version has just 900 lines of code. That's 1% of the popular local password manager KeePass (which offers more features).
The author may describe Cobbler as a password manager, but it is not limited to that. Since you can add any textual information to databases, you may use it as a personal diary, and any other textual information that you want to protect.
Cobbler's setup is more convenient, and it is fully portable if you store the executable file and the database together. Also, traces of the opened plain text document may be stored in temp folders for instance, whereas that won't happen with Cobbler.
Now You: which password manager do you use, and why?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.