Cobbler: simple local password manager - gHacks Tech News

Cobbler: simple local password manager

Cobbler is a local password manager for the Windows operating system that stores passwords and other data in encrypted databases.

When it comes to password managers, users have plenty of options. Most web browsers come with options to store passwords for instance. Then there are browse extensions, cloud-based password managers which usually provide access to add-ons, and local password managers with and without cloud saving options and browser integration.

Cobbler is a simple -- in regards to functionality -- password manager for Windows that tries to keep as low of an attack surface as possible.

While that is beneficial for security, it means that comfort features like browser integration or cloud storage are not supported by the application.


cobbler password manager

Cobbler is provided as a single executable file that you can run from any location. You are prompted to enter a master password on first run that will be used to secure the password database.

While there are no options right now to change the database using the UI, you may use the undocumented startup parameter cobbler.exe d:\example\data.dat to place it anywhere you like.

The interface itself resembles a text editor, as form fields are not used at all in the current version. You write the URL, login and password, and any other information you like anywhere you want.

This gives you a lot of flexibility, but requires that you use a system for that as you may run into overview issues later on otherwise.

Cobbler ships with search functionality that you can use once the password database has been loaded. Simply type some characters to have the program highlight all matching entries for you.

The only other option that you have currently is to disable editing. This sets the information to read only and prevents any editing of information.

Locate data file on the other hand opens the location the currently loaded password database is stored in (which is in the root users directory of the account, e.g. C:\Users\Martin\COBSTORE5.DAT). Cobbler remembers the database file of the last session automatically.

What about security?

Cobbler uses the ciphersuite is AES_128_CBC_SHA. The author states that it does not use plaintext temporary files or discloses metadata, and that it has a low attack surface because it runs locally only and without integration in browsers or other programs.

So, no Internet required at all to use the program, and no connections either.

The source code is kept lean according to the author, as Cobbler's current version has just 900 lines of code. That's 1% of the popular local password manager KeePass (which offers more features).

Closing Words

The author may describe Cobbler as a password manager, but it is not limited to that. Since you can add any textual information to databases, you may use it as a personal diary, and any other textual information that you want to protect.

This means however that there is little distinction between Cobbler and creating an encrypted container using encryption software like VeraCrypt or TruPax, and placing a text file inside.

Cobbler's setup is more convenient, and it is fully portable if you store the executable file and the database together. Also, traces of the opened plain text document may be stored in temp folders for instance, whereas that won't happen with Cobbler.

Now You: which password manager do you use, and why?

Cobbler: simple local password manager
Article Name
Cobbler: simple local password manager
Cobbler is a local password manager for the Windows operating system that stores passwords and other data in encrypted databases.
Ghacks Technology News

  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:


    1. G Mariani said on February 13, 2017 at 4:05 pm

      Seems exactly like LockNote:

    2. Klaas Vaak said on February 13, 2017 at 4:11 pm

      This almost sounds like a joke, as if the author did not really know what he was doing other than create an encryptable container, to which he attached the password manager as an after-thought. I doubt he will get many interested parties, what with the wealth of solid password managers already out there.

    3. Robert said on February 13, 2017 at 5:25 pm

      I wonder what that does mean:

      “I wrote it as I did not feel comfortable with either cloud-based or local, browser-integrated password managers.”

      KeePass has optional browser integration, but it is done using windows name matching not by any suspicious plugin. I totally don’t know what’s an advantage of Cobbler over Keepas, besides being new kid on the block. This is actually good – maybe it will mature in something great.

    4. yossarian said on February 13, 2017 at 8:31 pm

      I didn’t try, but it looks better solution. Free and for all platforms. I stumble up on by accident.

    5. Owl said on February 14, 2017 at 4:53 am

      559Kb. His security blog is interesting. And some interesting utilities. Thanks, Martin.

    6. clasof56 said on February 14, 2017 at 1:51 pm

      Password Safe…never a problem, installable, portable, windows, linux, never on someone elses computer (cloud) and also free. hard to beat.

    Leave a Reply