Password Safe is a great tool; I use it daily. One thing I miss, though, is a bit more information on the web site on how the encryption works. Not necessarily too technical, just something about the algorithm that is used, and some info about the key size.
Hi,
A FAQ is definitely on my to-do list...
Until that's ready:
Passwordsafe currently uses the Blowfish encryption algorithm, which has been around for ~20 years and has no known weaknesses, and has pretty decent performance.
The encryption key is 160 bits long, derived from the passphrase via the SHA-1 hash algorithm.
Passwordsafe reads the database into memory when the database is open, and stores the data encrypted in memory, such that at most there's only one entry's password (the one selected by the user) in the clear at a time.
Passwordsafe has no "back doors" or known weaknesses that make it feasible to decrypt the stored data without knowing or guessing the passphrase. In other words, it's basically as strong as the passphrase you choose for the master combination.
That's it, in a nutshell. Let me know if you want me to elaborate on anything.
Cheers,
Rony
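The point in the reply above, that a 160-bit SHA-1-derived key is only as strong as the passphrase behind it, worked through with numbers. This is an added example, not part of the original post and not Password Safe's code; hashing the UTF-8 passphrase alone is an assumption (the post does not say what else goes into the hash), and the sample passphrase policies are constructed.

```python
import hashlib
import math

KEY_BITS = 160  # SHA-1 digest size, the key length stated in the post


def derive_key(passphrase: str) -> bytes:
    # Assumption: key = SHA-1(UTF-8 passphrase). The post does not say
    # whether a salt or other data is mixed in.
    return hashlib.sha1(passphrase.encode("utf-8")).digest()


def passphrase_bits(symbols: int, alphabet_size: int) -> float:
    # Entropy of a passphrase whose symbols are chosen uniformly at random.
    return symbols * math.log2(alphabet_size)


def effective_bits(symbols: int, alphabet_size: int) -> float:
    # The key can never be harder to guess than the passphrase behind it,
    # and never harder than the 160-bit key itself.
    return min(KEY_BITS, passphrase_bits(symbols, alphabet_size))


def symbols_for_full_key(alphabet_size: int) -> int:
    # Fewest random symbols whose entropy reaches the full key size.
    return math.ceil(KEY_BITS / math.log2(alphabet_size))


# Constructed sample policies: (label, symbols, alphabet size)
SAMPLES = [
    ("8 random lowercase letters", 8, 26),
    ("6 random words from a 7776-word list", 6, 7776),
    ("25 random printable ASCII characters", 25, 94),
]

if __name__ == "__main__":
    key = derive_key("correct horse battery staple")  # constructed passphrase
    print(f"key: {key.hex()} ({len(key) * 8} bits)")
    for label, n, size in SAMPLES:
        print(f"{label}: {effective_bits(n, size):.1f} effective bits, "
              f"{symbols_for_full_key(size)} symbols needed for {KEY_BITS}")
```

Every derived key is 160 bits long regardless of input, so the key length alone says nothing about guess resistance; only the last sample policy actually reaches the key's full strength.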
Oh, just a small correction: according to Bruce Schneier's site, Blowfish was designed in 1993, making the algorithm 13 years old. http://www.schneier.com/blowfish.html
Cheers, Rene
That was almost exactly what I was looking for, I can't think of anything more to be added to that right now.
Thanks,
Rene
Just to update this: As of 3.01, released 6/6/2006, the encryption algorithm has changed from Blowfish to Twofish. Twofish was one of the five finalists for the AES standard.
For more information, see http://www.schneier.com/twofish.html