RE: [Passwordsafe-devel] Status of the Java Port?
Popular easy-to-use and secure password manager
Brought to you by:
ronys
From: Rony S. <ro...@gm...> - 2005-05-02 05:39:14
|
Hi, I don't think that PasswordSafe has "failed" by any reasonable definition of the term. It does what it was designed to do quite well, and I am not aware of any breaches in the security or cryptography (note that the terms are not synonymous). But then again, I may be a bit biased :-) If you're interested in a Java port, the CVS repository has some work that was done a while ago that might serve as the basis for a downloadable applet. Cheers, Rony ________________________________ From: pas...@li... [mailto:pas...@li...] On Behalf Of Cyrus242 Sent: Monday, May 02, 2005 12:42 AM To: pas...@li... Subject: Re: [Passwordsafe-devel] Status of the Java Port? Greg Thomas wrote: On 5/1/05, Cyrus242 <Cyr...@sp...> <mailto:Cyr...@sp...> wrote: my group would be interested in talking about why this password safe has failed and what can be done to make a better one. FWIW, I don't think PS has "failed". Time has moved on, and it is perhaps not quite as secure as it could be. That said, I consider if safe enough. OK, it may not be good enough for state secrets, but it will keep my online banking details out of Joe Hackers hands. Either way, it's nothing that a couple of new encryption routines wouldn't solve. I do not think C++ is a candidate language as none of us know it. C# and JAVA seem likely candidates as well as a possibility for PHP or another web based language. I am personally pushing for Java or C#. PHP etc. are (generally) server side languages. That's no good, unless you can trust your server 100%, which most people can't. If you want a WWW based solution, I think the only option would be a Java applet that uploads/downloads the encrypted file to the server, and decrypts it locally. You can digitally sign the applet so you know it hasn't been tampered with. Greg PHP or another simple solution would be done only if time constraints are put in place beyond our control. A java applet did pass by my mind as a solution. Again though, I would personally prefer to use Java or C# to have a 'password safe' with proper security measures. |