RE: [Passwordsafe-devel] Status of the Java Port?

[Rony S. <ro...@gm...>]

Hi,

I don't think that PasswordSafe has "failed" by any reasonable definition of
the term. It does what it was designed to do quite well, and I am not aware
of any breaches in the security or cryptography (note that the terms are not
synonymous). But then again, I may be a bit biased :-)

If you're interested in a Java port, the CVS repository has some work that
was done a while ago that might serve as the basis for a downloadable
applet.

	Cheers,

		Rony

________________________________

	From: pas...@li...
[mailto:pas...@li...] On Behalf Of
Cyrus242
	Sent: Monday, May 02, 2005 12:42 AM
	To: pas...@li...
	Subject: Re: [Passwordsafe-devel] Status of the Java Port?
	
	


	Greg Thomas wrote: 

		On 5/1/05, Cyrus242 <Cyr...@sp...>
<mailto:Cyr...@sp...>  wrote:
		  

			my group would be interested in talking about why
this password
			safe has failed and what can be done to make a
better one.
			    

		
		FWIW, I don't think PS has "failed". Time has moved on, and
it is
		perhaps not quite as secure as it could be. That said, I
consider if
		safe enough. OK, it may not be good enough for state
secrets, but it
		will keep my online banking details out of Joe Hackers
hands.
		
		Either way, it's nothing that a couple of new encryption
routines
		wouldn't solve.
		
		  

					I do not think C++ is a candidate
language as none of us know it. C# and
			JAVA seem likely candidates as well as a possibility
for PHP or another
			web based language. I am personally pushing for Java
or C#.
			    

		
		PHP etc. are (generally) server side languages. That's no
good, unless
		you can trust your server 100%, which most people can't. If
you want a
		WWW based solution, I think the only option would be a Java
applet
		that uploads/downloads the encrypted file to the server, and
decrypts
		it locally. You can digitally sign the applet so you know it
hasn't
		been tampered with.
		
		Greg
		
		  

	PHP or another simple solution would be done only if time
constraints are put in place beyond our control. A java applet did pass by
my mind as a solution. Again though, I would personally prefer to use Java
or C# to have a 'password safe' with proper security measures.