Re: [Passwordsafe-users] decrypting the .dat file
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
Re: [Passwordsafe-users] decrypting the .dat file
|
From: Arnaud S. <arn...@gm...> - 2004-12-22 18:37:11
|
Thanks for info. I looked at the source code and I should be able to write a program to decrypt the file, if needed. But I guess I will wait for the need to show up. I just want to make sure that if one day I am in a non-Windows environment, I can retrieve my dat file from the network and run a simple cmd line script to recover the passwords if needed. When using PasswordSafe to generate the password, it is very unlikely that I will even bother to remember them. regards, Arnaud On Wed, 22 Dec 2004 19:48:08 +0200, Rony Shapiro <ro...@gm...> wrote: > Hi Arnauld, > > Short answer: The .dat file cannot be encrypted/decrypted all at once. A > workaround would be to export the .dat file to plain text and > encrypting/decrypting this with a program/algorithm that is available on > your target platform. > > WARNING: Doing this is potentially VERY unsecure, as the decrypted data may > remain on the target machine, even after you've deleted the file. > > Long answer: There's no need to guess, as the format of the .dat file is > fully documented in the files that come with the source code. Briefly, each > entry stored as a record of variable length fields. All are encrypted using > Blowfish with the same key, but each record has its own salt. > > Hope this helps. > > Cheers, > > Rony > > > -----Original Message----- > > From: pas...@li... > > [mailto:pas...@li...] On > > Behalf Of Arnaud Sahuguet > > Sent: Wednesday, December 22, 2004 5:43 PM > > To: pas...@li... > > Subject: [Passwordsafe-users] decrypting the .dat file > > > > > > Hi, > > > > I saw some previous posting on this topic but no conclusion. > > > > I agree that decrypting the .dat file may create some security issues. > > However, since PasswordSafe only runs on a windows platform, what > > happens when I am travelling with no Windows box around. > > > > I would like to be able to decrypt the .dat file from any machine, > > from the command line for instance. > > > > My guess is that the .dat file stores the passwords as ASCII, with AES > > or Blowfish encryption, and maybe some salting. I just would like to > > know which algorithm to use. > > Once again, without the password, the only way to crack the .dat file > > is to use brute force or dictionary attack. > > > > regards, > > > > Arnaud > > > > |
