Feature Request: plausible deniability

  • Peter Schaefer
    Peter Schaefer

    Without a lot of effort, plausible deniability could be implemented by adding a "chaff" option, which would ask the user for the name of a chaff database file to create, then would create random database entries of similar size as in the database the user is using, and save the database.

    Ah yes, and while Im here, I'm using .pwsdat as file extension which I told the OS to always open with password safe. It would be nice if PassWord Safe allowed changing extensions, as .dat isnt very specific.

    In order to fully implement plausible deniability,the user SHOULD have a "harmless" file to show the attacker, and its a MUST that the .plk file should have a random name, as the backup file - alternatively Password Safe should randomly create .plk and .dat~ , and it should touch random .dat(or in my case .pwsdat files) files, at least on file systems that store 'atime' (time of last access).

    • Rony Shapiro
      Rony Shapiro


      Changing the .dat suffix to something a bit more distinguishible is definitely an idea who's time has long since arrived. I'll try to squeeze it in the next release.

      The idea of a "chaff" database is intruiging. I'm not sure that such a database would answer a threat scenario that is plausible for most passwordsafe users, though. My guess would be that for the vast majority of users, such a filewould create much confusion, since to make it indistinguishable from the "real" database means that the user would have to somehow remember which is which. I'm also not sure that it's practical to get the implementation right against a really determined attacker - the OS keeps a lot of information around regarding access time, etc...