  • #2276603

    PasswordSafe

    by finster77 ·

    How does everybody feel about Password Safe? It just spooks me to think it’s shareware and people are willing to put all their passwords in it. Thoughts?

All Comments

    • #3294798

      Another kind of password safe

      by jamesrl ·

      In reply to PasswordSafe

      Put all of your ids and passwords into a text file. Don’t name it password.txt. Put it in a password protected zip file. Don’t name it password.zip. Make sure it’s in a directory with other zip files. Hide in plain sight.

      James

    • #3295350

      It’s not shareware

      by jbarchitect ·

      In reply to PasswordSafe

      PasswordSafe is not shareware, it’s open source. Go visit http://sourceforge.net/projects/passwordsafe/ to find out.

      If you are afraid of “back doors”, you can look at the source code. (I haven’t found any.) If you find a vulnerability, you can (and SHOULD) post it to the group so it gets fixed.

      PasswordSafe uses the Blowfish encryption algorithm developed by Dr. Bruce Schneier. It is a relatively fast and resilient algorithm.

      PasswordSafe was originally developed by Schneier and his colleagues at CounterPane Labs. They released the source code as Open Source and turned development over to a volunteer group at SourceForge so that (A) enhancements could be continued, and (B) security vetting could be made public. To my knowledge, no one on the volunteer group is employed with CounterPane.

      My thoughts?

      PasswordSafe is, to me, the LEAST SPOOKY of any password repository, both because of Open Source and due to its history. I store HUNDREDS of passwords in it. And (although I strive to maintain strict access control to my repository files), I would not be particularly worried if, for example, an attacker were to find a floppy with one of my repositories on it. It would take FAR more effort to crack it than it is worth.

      If you decide you don’t like (or don’t trust) PasswordSafe, try something else. The basic idea is a sound one…

      * you should have a UNIQUE password or passphrase for EVERY system or website;
      * it is easier to keep ONE (or a few) encrypted files secured than it is a whole system (such as your workstation);
      * a secure password management facility such as PasswordSafe helps out because each of those passwords can be LONG and (cryptographically) RANDOM;
      * let the password management software also manage: keeping the clipboard securely clear of passwords, keeping passwords from being stored in the swap file, etc.
