RE: [Passwordsafe-users] Decrypting .dat files
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
RE: [Passwordsafe-users] Decrypting .dat files
|
From: Rony S. <ro...@gm...> - 2004-11-11 21:28:31
|
Hi Philip, In general, you're right, of course. The strength of the tool is only as strong as the passphrase used to protect the data. What Juergen may have had in mind was that a command-line tool may be = used to create a file with all the database entries decrypted. Such a file = would b a real security risk, since deleting the file by normal means still = leaves the data floating around on the disk if you know where to look. The PasswordSafe application goes through some lengths to ensure that no = more data than is absolutely needed in a given moment is actually decrypted. Rony > -----Original Message----- > From: pas...@li...=20 > [mailto:pas...@li...] On=20 > Behalf Of Philip Newton > Sent: Thursday, November 11, 2004 3:33 PM > To: Schreck, Juergen > Cc: Dickerson, Cliff; pas...@li... > Subject: Re: [Passwordsafe-users] Decrypting .dat files >=20 >=20 > On Thu, 11 Nov 2004 10:12:38 +0100, Schreck, Juergen > <jue...@si...> wrote: > > I think this would be against all > > purposes of pwsafe. If it would be so easy to decrypt the=20 > database you could > > hold your passwords in a plain textfile, too. >=20 > I though the main component of security lies in the choice of key, not > in the specific algorithm. >=20 > After all, decrypting the database by starting pwsafe is also "easy" > if you have the right passphrase; I do not see why a command-line > decryption utility *that requires you to know the passphrase* is less > secure. >=20 > Cheers, > --=20 > Philip Newton <phi...@gm...> >=20 >=20 > ------------------------------------------------------- > This SF.Net email is sponsored by: > Sybase ASE Linux Express Edition - download now for FREE > LinuxWorld Reader's Choice Award Winner for best database on Linux. > http://ads.osdn.com/?ad_id=3D5588&alloc_id=3D12065&op=3Dclick > _______________________________________________ > Passwordsafe-users mailing list > Pas...@li... > https://lists.sourceforge.net/lists/listinfo/passwordsafe-users >=20 |
