Re: [Passwordsafe-users] Exporting file security question

[Philip N. <phi...@gm...>]

On 5/23/06, Massey, Robert <Rob...@ch...> wrote:
> You should be able to just copy the database file itself.  I do the same
> thing.  In fact, I frequently just e-mail the Password Safe database
> from work to home (or vice versa).

So do I. I don't even use the same version, and it works fine (as long
as the "master" is the one with the lower version).

On 5/23/06, Sharon Roushdy <sro...@um...> wrote:
> "This operation will create an unprotected copy of ALL of the passwords
> in the database. Deleting this copy after use is *NOT* sufficient. This
> bypasses the security of the program."
>
> If deleting the copy is not sufficient, why not,

Because deleting a file does not (usually) remove the data from the
hard drive, but merely removes the directory entry and marks the disk
blocks as free.

So someone who directly read the hard drive block-by-block would come
across the passwords in plain text, as long as no other file had
happened to use those blocks in the mean time.

> and what would be sufficient?

Overwriting the disk blocks several times with random bit patterns
information, or something like that -- there are programs that do this
kind of thing for you, some even claiming to implement US government
standards of wiping.

See, for example, http://en.wikipedia.org/wiki/File_wiping and
http://en.wikipedia.org/wiki/Data_remanence .

Cheers,
--=20
Philip Newton <phi...@gm...>