KeePass or Password Safe?

  • Which encryption method is preferrable over the other, AES 128(KeePass) or Hash 160(Password Safe)?

    I noticed that Password Safe's database extension is stored as a viewable encryption in notepad. Keepass' storage extension is not saved as a viewable encryption(obviously preferrable).

    Offer me some suggestions...Ford or Chevy?


    • What kind of suggestion do you want?  Of course a Ford fan will say buy Ford and vice-versa.  You have to decide what your comfortable with....

    • Show someone without much encryption algorithm knowledge some logic, friend.

      Tell me what encrytion method is more secure(of course, less the password quality).  

    • Its still a matter of opinion.  Each product will say there's is better.  Unless you work in select environments, both are way more than you need.

    • Thank you for your opinion. I'll have to begin to research the two algorithms.

    • KeePass can use either AES or Twofish, each of which is a 128-bit block cipher.  Password Safe uses Blowfish, which is 64-bit.  (The "Hash-160" algorithm you mention  must be SHA-160, the algorithm used to hash passwords).

      Among those three algorithms, most people who study these things would say that Twofish wins hands down, where security is concerned.  My own opinion is that Twofish is by a good measure the best choice.  Some people like AES because the government approved it as the standard...  But I dislike it for that very same reason; and also because it is well known to be much weaker than other algorithms like Serpent and Twofish.

      I don't really see it so much as a "matter of opinion".  I find it clear that Twofish is superior to Blowfish, and even AES.  Bruce Schneier, who developed Blowfish, the original version of Password Safe, and was one of the developers of Twofish, will in fact tell you that Twofish is superior to both AES and Blowfish.  (Don't take my word for it; Google yourself.)

      Please refer to this link for some relevant information:

      There is also a lot to be said for the support of more than one encryption algorithm.  I never liked products that forced one--and only one--cipher on you.  As unlikely as it may be that a good cipher (such as Blowfish) will be cited for a real-world weakness, it's good to have the option of a backup cipher, just in case.  With only one choice, you're stuck if that one algorithm suddenly becomes less than ideal.  Bruce Schneier has said this himself.

      Then you have to consider KeePass's far-superior feature set.  Password Safe is bare-bones, and apparently going nowhere.

      So, rather than "Ford vs. Chevy", I think it's more like "Ford vs. Mercedes-Benz", with KeePass being the latter.