General discussion

Locked

PasswordSafe

By Finster77 ·
How does everybody feel about Password Safe? It just spooks me to think it's shareware and people are willing to put all thier passwords in it. Thoughts?

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Another kind of password safe

by JamesRL In reply to PasswordSafe

Put all of your ids and passwords into a text file. Don't name it password.txt. Put it in a password protected zip file. Don't name it password.zip. Make sure its in a directory with other zip files. Hide in plain sight.

James

Collapse -

It's not shareware

by jbarchitect In reply to PasswordSafe

PasswordSafe is not shareware, it's open source. Go visit http://sourceforge.net/projects/passwordsafe/ to find out.

If you are afraid of "back doors", you can look at the source code. (I haven't found any.) If you find a vunerability, you can (and SHOULD) post it to the group so it gets fixed.

PasswordSafe uses the Blowfish encryption algorithm developed by Dr. Bruce Schneier. It is a relatively fast and resilient algorithm.

PasswordSafe was originally developed by Schneier and his colleagues at CounterPane Labs. They released the source code as Open Source and turned development over to a volunteer group at SourceForge so that (A) enhancements could be continued, and (B) security vetting could be made public. To my knowledge, no one on the volunteer group is employed with CounterPane.

My thoughts?

PasswordSafe is, to me, the LEAST SPOOKY of any password repository, both because of Open Source and due to its history. I store HUNDREDS of passwords in it. And (although I strive to maintain strict access control to my repository files), I would not be particularly worried if, for example, an attacker were to find a floppy with one of my repositories on it. It would take FAR more effort to crack it than it is worth.

If you decide you don't like (or don't trust) PasswordSafe, try something else. The basic idea is a sound one...

* you should have a UNIQUE password or passphrase for EVERY system or website;
* it is easier to keep ONE (or a few) encrypted files secured than it is a whole system (such as your workstation);
* a secure password management facility such as PasswordSafe helps out because each of those passwords can be LONG and (cryptographically) RANDOM;
* let the password management software also manage: keeping the clipboard securely clear of passwords, keeping passwords from being stored in the swap file, etc.

Back to Software Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums