RE: [Passwordsafe-users] decrypting the .dat file
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
RE: [Passwordsafe-users] decrypting the .dat file
|
From: Dickerson, C. <Cli...@la...> - 2004-12-29 23:11:02
|
As was mentioned before I have been using the http://sourceforge.net/projects/pwsafe/ program on Solaris and Linux. It works well but as far as I can tell doesn't support 2.0 formatted dat files. When I search for certain hostnames using pwsafe in a 2.0 dat file it just doesn't show up but open the same file in PasswordSafe and its there. The dev log says the version in CVS supports 2.0 dat files but I haven't been able to get it to compile (do to my lack of CVS knowledge, I would guess). I have started work on a Perl/html front end to the pwsafe program, but due to the fact that people using windows insist on upgrading the dat files to 2.0 format I've hit a brick wall. Any help would be greatly appreciated on getting the latest version of pwsafe to work from CVS. Thanks! Early happy New Year to every one. -cliff -----Original Message----- From: Arnaud Sahuguet [mailto:arn...@gm...] Sent: Wednesday, December 22, 2004 10:37 AM To: ro...@us... Cc: pas...@li... Subject: Re: [Passwordsafe-users] decrypting the .dat file Thanks for info. I looked at the source code and I should be able to write a program to decrypt the file, if needed. But I guess I will wait for the need to show up. I just want to make sure that if one day I am in a non-Windows environment, I can retrieve my dat file from the network and run a simple cmd line script to recover the passwords if needed. When using PasswordSafe to generate the password, it is very unlikely that I will even bother to remember them. regards, Arnaud On Wed, 22 Dec 2004 19:48:08 +0200, Rony Shapiro <ro...@gm...> wrote: > Hi Arnauld, > > Short answer: The .dat file cannot be encrypted/decrypted all at once. A > workaround would be to export the .dat file to plain text and > encrypting/decrypting this with a program/algorithm that is available on > your target platform. > > WARNING: Doing this is potentially VERY unsecure, as the decrypted data may > remain on the target machine, even after you've deleted the file. > > Long answer: There's no need to guess, as the format of the .dat file is > fully documented in the files that come with the source code. Briefly, each > entry stored as a record of variable length fields. All are encrypted using > Blowfish with the same key, but each record has its own salt. > > Hope this helps. > > Cheers, > > Rony > > > -----Original Message----- > > From: pas...@li... > > [mailto:pas...@li...] On > > Behalf Of Arnaud Sahuguet > > Sent: Wednesday, December 22, 2004 5:43 PM > > To: pas...@li... > > Subject: [Passwordsafe-users] decrypting the .dat file > > > > > > Hi, > > > > I saw some previous posting on this topic but no conclusion. > > > > I agree that decrypting the .dat file may create some security issues. > > However, since PasswordSafe only runs on a windows platform, what > > happens when I am travelling with no Windows box around. > > > > I would like to be able to decrypt the .dat file from any machine, > > from the command line for instance. > > > > My guess is that the .dat file stores the passwords as ASCII, with AES > > or Blowfish encryption, and maybe some salting. I just would like to > > know which algorithm to use. > > Once again, without the password, the only way to crack the .dat file > > is to use brute force or dictionary attack. > > > > regards, > > > > Arnaud > > > > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Passwordsafe-users mailing list Pas...@li... https://lists.sourceforge.net/lists/listinfo/passwordsafe-users |
