Talk:Password Safe

Encryption method?
Crucial information is missing in this article. For instance, how safe is the program--what encryption method is used for storing the password database? A screenshot would be informative as well. Relrel (talk) 15:25, 18 May 2008 (UTC)

Twofish
... is the method, as I just read at Bruce Schneier's homepage. However, I would also like to see an assessment of how safe the program is, but have no idea where to find that. --82.207.247.81 (talk) 19:25, 21 September 2008 (UTC)

First, I served as one of the technical advisors on the book PGP & GPG, EMail for the Practical Paranoid by Michael W. Lucas. I have had a moderate interest in Cryptography since the late 1970s and have actually worked with encryption code professionally. I am a little bit puzzled about your question. I don't know whether you are asking about the program itself or the encryption algorithm. I will address both in a general manner starting with the cipher.

TwoFish is just one of several symmetric encryption (as opposed to public/private key encryption) algorithms. I use the word symmetric because the same pass-phrase is used to both encrypt and decrypt. Public/Private encrypts with the public key and no pass-phrase. Only the person that possesses the private (secret) side of the public/private key pair and knows the pass-phrase can then decrypt what was encrypted. But even public/private key encryption still uses symmetric encryption. The only thing encrypted with the public key is the password used with the symmetric encryption.

All password management programs use only symmetric ciphers. Bruce Schneier has recently stated (circa August 2011) that TwoFish is getting long in the tooth because of ever faster CPUs. You need to take that with a grain of salt. Encryption people wax eloquent about how this or that algorithm is more or less susceptible because recent cracking attempts have reduced the long term security of something encrypted with that algorithm. Even the NSA has problems cracking most symmetric ciphers as long as you use a reasonable Digest (Hash) like SHA-256. Only something really old like DES or 3DES, or even something newer like CAST5 are vulnerable to NSA or similar agencies if they are using just brute force. Factors other than the symmetric algorithm used are probably more important.

Since your other passwords stored in Password Safe no longer need to be remembered, make them a random mix of upper and lower case characters and numbers. Now those passwords are less vulnerable as long as your Password Safe password and data are not vulnerable. Getting some malware on a Windows machine that has a key logger has a much higher probability than cracking TwoFish. That malware can send your Password Safe master password along with your data file on to one of the many bot data repositories. If that happens, the game is over and you lost.

Another major concern is that all of these programs should be using mlock on Linux type systems and VirtualLock/VirtualUnlock on Windows systems to prevent unencrypted pass-phrases and passwords from being written to disk. I have my OpenSuse system that pops up an X-Window to type my OpenPGP pass-phrase into yet they forgot to turn off ssh forwarding. Now anybody that is on the local network MAY be able to read my password via the X-Windows protocol. Thankfully for me I am the only one on this LAN and it is wired, not wireless. OpenSuse did the pass-phrase that way because people don't know how to use some scripts to turn off their shell history on Linux which is yet another security nightmare.

Somebody could use your web-cam (I don't have one) via permissions in the Adobe flash-player to watch you type your Password Safe password. There are other methods even as simple as looking over your shoulder, or you writing the master on a piece of paper and taping it to your monitor. Don't laugh, some spies recently taped up the password on a piece of paper in the room where the computers were at. It wasn't on the monitor and it was out of sight but it was easily found.

Using ANY of these methods and quite a few others to pry out your password for Password Safe is actually far easier than trying to brute force even CAST5 or BlowFish which are infinitely less secure than TwoFish. How safe is TwoFish? I have it as my number one choice for symmetric ciphers followed by AES-128, AES-256, and AES-192 for my OpenPGP keys. When ThreeFish becomes available it will move into first place. But my pass-phrase and guarding my secret key are the main security risk for my OpenPGP keys. That same idea holds true for Password Safe. Paradoxically, AES-256 just had the brute force effort needed to crack it reduced to the point where it is now less safe than AES-128.

Theoretically a greater number of bits can increase the security but only if all of the other factors are either held steady or are improved. TwoFish is safer than even the author thinks it is for general purpose use. So is AES-256 even for top secret uses despite the recent reduction in its safety. What I am trying to convey is that there are other factors that reduce or increase the security of Password Safe much more than just the symmetric cipher that it uses.

The fact that I have picked TwoFish for my OpenPGP keys as my first pick should set your mind at ease that I consider it quite safe. In fact I think TwoFish is still the best symmetric cipher available right now. Here is the relevant URL for the beginnings of Password Safe on Linux as well as for KeePass where you have a choice of two symmetric ciphers, TwoFish and AES-128 (or maybe it uses both of them with one right after the other): http://bobmorris.wordpress.com/2006/09/15/passwordsafe-for-linux/

http://keepass.info/ Theoretically, there is nothing that could prevent somebody from using AES (AES-128) as a first pass symmetric encryption and then feeding the output of that into TwoFish or vice-versa. Some people do it all the time. That isn't the main problem with this document. This document is long in the tooth. There are versions of Password Safe or something patterned after it now for Macintosh, Linux, RIM BlackBerry, iPhone, and Android: http://passwordsafe.sourceforge.net/relatedprojects.shtml

http://www.rimarkable.com/keepass-password-safe-for-blackberry

http://www.apple.com/webapps/productivity/mobilepasswordsafe.html

https://market.android.com/details?id=uk.co.kuffs.free.passwordsafe&hl=en

(substitute es, fr, etcetera for language of choice) They should be added and monitored to make sure they don't disappear. You may want to merge all of this into a Password Management Systems page. People just want something that points them to a solution that manages their dozens of passwords into something where they only have to use one password that is sufficiently complex to resist cracking but that they can remember without writing it down any place. People also hope they can have something that is standard across all of their multiple platforms. Note that one of the URLs (it should NOT be in the document) was talking about also using Password Safe installed on Windows in Linux using WINE. But the advent of the iPhone, Android, and Windows mobile phone systems means people will want something that will work there as well. hhhobbit (talk) 03:42, 21 September 2011 (UTC)
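
The mlock point raised in the comment above, shown as an added example that is not part of the original discussion and is not Password Safe's own code: a passphrase buffer allocated in whole pages, pinned with mlock, and wiped before it is unlocked and freed. The `secret_buf` type and the `secret_*` function names are hypothetical, and the passphrase is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type (not from Password Safe): a page-aligned secret buffer. */
typedef struct {
    unsigned char *data;
    size_t len;    /* usable bytes, always a whole number of pages */
    int locked;    /* 1 if mlock() pinned the pages in RAM */
} secret_buf;

/* Allocate whole pages so the lock covers the secret and nothing else. */
int secret_alloc(secret_buf *s, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    s->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    s->data = aligned_alloc((size_t)page, s->len);
    if (s->data == NULL) return -1;
    /* mlock() fails if RLIMIT_MEMLOCK is too low; record it so the caller can warn or refuse. */
    s->locked = (mlock(s->data, s->len) == 0);
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
void secret_wipe(secret_buf *s)
{
    volatile unsigned char *p = s->data;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

/* Wipe first, then unlock and release: plaintext never sits in unlocked memory. */
void secret_free(secret_buf *s)
{
    if (s->data == NULL) return;
    secret_wipe(s);
    if (s->locked) munlock(s->data, s->len);
    free(s->data);
    s->data = NULL; s->len = 0; s->locked = 0;
}

int main(void)
{
    secret_buf pw;
    if (secret_alloc(&pw, 64) != 0) return 1;
    if (!pw.locked) fprintf(stderr, "warning: mlock failed, buffer may be swapped\n");
    strcpy((char *)pw.data, "constructed-sample-passphrase"); /* constructed sample input */
    /* ... derive the database key from pw.data here ... */
    secret_free(&pw);
    return 0;
}
```

Locking keeps the pages out of swap only; suspend-to-disk and core dumps can still write them out, and copies made elsewhere (input widgets, clipboard) are outside the locked region.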

Initial Release Date Is Wrong
The "Initial Release" date is listed as "January 15, 2002" which is incorrect. That seems to be based on the first release after migrating to sourceforge and the oldest changelog on the Password Safe web site, however, that changelog is for version 1.7 and mentions changes relative to previous releases, so presumably there were releases prior to this. I've not changed this as I can't find any information on prior releases but this is something that should be improved in the future. Jlick (talk) 09:40, 22 November 2022 (UTC)