Password secure...is it secure?

Yes I just got this baby and I LOVE it!  Its great. I have stored all my
passwords inside of it (and yes made a few backups from them in secure
locations)  How secure is this program really?  It uses blowfish to encrypt
the database but how strong blowfish?  128bits?  256?  448?

Anything else I should think about it?   I have putted it and its databases
inside PGPdisk just to play it safe...but then again Im a paranoid.   :)




--
Markus Jansson

************************************
 My privacy related homepage and PGP keys:
 http://www.geocities.com/jansson_markus/
************************************
0
Markus
8/21/2001 6:07:00 AM
grc.security.software 15003 articles. 0 followers. Follow

8 Replies
1988 Views

Similar Articles

[PageSpeed] 14

Markus said:Yes I just got this baby and I LOVE it!  Its great. I have
stored all my
> passwords inside of it .

Markus do you have a link for this app?I could really do with it.
Tilly

--
climbaboard@nzoomail.com
"Markus Jansson" <jansson_markus@ziplip.com> wrote in message
news:9lstr3$2h5c$1@news.grc.com...
> > locations)  How secure is this program really?  It uses blowfish to
encrypt
> the database but how strong blowfish?  128bits?  256?  448?
>
>
0
Tilly
8/21/2001 9:40:00 PM
"Tilly" <climbaboard@nzoomail.com> wrote in message
news:9lukh1$1fi9$1@news.grc.com...
> Markus do you have a link for this app?I could really do with it.


http://www.counterpane.com




--
Markus Jansson

************************************
 My privacy related homepage and PGP keys:
 http://www.geocities.com/jansson_markus/
************************************
0
Markus
8/21/2001 10:07:00 PM
<Mike_Bryeans@webbbs.org> wrote in message
news:WebBBS.998428888@webbbs.org...
> All in all, blowfish is pretty secure so I wouldn't worry to much about
> someone coming along and stealing your passwords.

Heh, thats not the issue. Blowfish may be pretty secure but how is it
implemented?  How about tampering the program?  Backdoors?   Dont just look
at the algorythm, it proves nothing.   :)



--
Markus Jansson

************************************
 My privacy related homepage and PGP keys:
 http://www.geocities.com/jansson_markus/
************************************
0
Markus
8/21/2001 10:08:00 PM
In Article <9lstr3$2h5c$1@news.grc.com>
"Markus Jansson" <jansson_markus@ziplip.com> writes:

> Yes I just got this baby and I LOVE it!  Its great. I have stored all my
> passwords inside of it (and yes made a few backups from them in secure
> locations)  How secure is this program really?  It uses blowfish to encrypt
> the database but how strong blowfish?  128bits?  256?  448?

Blowfish is a block cipher that takes a variable-length key, from 32 bits
to 448 bits.

All in all, blowfish is pretty secure so I wouldn't worry to much about
someone coming along and stealing your passwords.

---
WebBBS Secure Web Server v1.27 : Genesis ( http://www.webbbs.org/ )
0
Mike_Bryeans
8/21/2001 10:21:00 PM
On Wed, 22 Aug 2001 01:07:07 +0300, "Markus Jansson"
<jansson_markus@ziplip.com> wrote:

>
>"Tilly" <climbaboard@nzoomail.com> wrote in message
>news:9lukh1$1fi9$1@news.grc.com...
>> Markus do you have a link for this app?I could really do with it.
>
>
>http://www.counterpane.com

Here's the Password Safe page:
http://www.counterpane.com/passsafe.html

Gina
0
mien2
8/22/2001 12:05:00 AM
On Wed, 22 Aug 2001 01:08:09 +0300, "Markus Jansson"
<jansson_markus@ziplip.com> wrote:


>Heh, thats not the issue. Blowfish may be pretty secure but how is it
>implemented?  How about tampering the program?  Backdoors?   Dont just look
>at the algorythm, it proves nothing.   :)

Here's a test of Password Safe, looks like they were pretty thorough:
http://www.nmrc.org/lab/passsafe.html

Gina
0
mien2
8/22/2001 12:08:00 AM
"Gina Dennison" <mien2@excite.com> wrote in message
news:3b82f75e.11037870@news.grc.com...
> Here's a test of Password Safe, looks like they were pretty thorough:
> http://www.nmrc.org/lab/passsafe.html

Hey that was great!  Thanks!   It seems to be pretty damm good product
indeed.
And as a hint...if a paranoid person like me sayes its safe then....   ;)



--
Markus Jansson

************************************
 My privacy related homepage and PGP keys:
 http://www.geocities.com/jansson_markus/
************************************
0
Markus
8/22/2001 1:16:00 AM
On Wed, 22 Aug 2001 04:16:31 +0300, "Markus Jansson"
<jansson_markus@ziplip.com> wrote:

>Hey that was great!  Thanks!   It seems to be pretty damm good product
>indeed.
>And as a hint...if a paranoid person like me sayes its safe then....   ;)

You're welcome.  I've been using it for quite a while, no complaints.
Glad it passes your "paranoid" test  :)

You may have seen this at the Counterpane site, but if not, Bruce
Schneier has an interesting security newsletter (always full of good
links).

Crypto-Gram Newsletter:
http://www.counterpane.com/crypto-gram.html

Gina
0
mien2
8/22/2001 3:56:00 AM
Reply:

Similar Artilces:

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Software [In]Security: Twitter Security
Making Your Thoughts as Small and Incomplete as Possible Just for the record, I don't use Twitter. But if this column were a Twitter entry, it might read something like: http://www.informit.com/articles/article.aspx?p=1350268&cid=nl_DR_DAILY_T -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...

Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...

KLASSP Secure Proxy for password security
http://research.microsoft.com/pubs/69368/acsac06.pdf Hi All, See link above. Anyone know if this system has actually been implemented anywhere? I did some googling and didn't find anything. Appears to be a nice solution to thwart keyloggers on public computers. Cheers, Tom Tom C wrote: > http://research.microsoft.com/pubs/69368/acsac06.pdf > > Hi All, > > See link above. Anyone know if this system has actually been implemented > anywhere? I did some googling and didn't find anything. Interesting document. A few points that occur to me:...

Is security software becoming a security risk?
"Due to bugs in antivirus software, the security suite becomes a risk by itself, and adding multiple pieces of security software makes the problem worse, not better "... <http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html> or http://preview.tinyurl.com/2nkk9r -- js http://justheadlines.exofire.net john s. smith wrote: > "Due to bugs in antivirus software, the security suite becomes a risk > by itself, and adding multiple pieces of security software makes the > problem worse, not better "... > ...

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...

Security: Show Passwords MAJOR SECURITY RISK
Name: Mx Email: mklein01atgmaildotcom Product: Firefox Summary: Security: Show Passwords MAJOR SECURITY RISK Comments: The ability of anyone to view saved passwords is a major security risk. PASSWORDS should be ENCRYPTED WITH A USER SELECTED PASSWORD Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 From URL: http://hendrix.mozilla.org/ ...

Security Now : Passwords and Cybercafe
Hello, My Name is Jean-sebastien OpdeBeeck, from Belgium. I'm new on this (great) newsgroup. I've just listen ALL SN podcats ... in some days ... cool and great quality. About password, and cybercafe, if you are afraid about key log. Why don't recommand two factor authentication ??? In my company we implement this (Vasco, RSA, SecureID, ...), so user has to put into his SSL VPN connection LOGIN and his TOKEN challenge+ PIN code. So you never can replay the sequence, because it's one time password. Yes I know, you need money for this, but maximum security i...

Web resources about - Password secure...is it secure? - grc.security.software

One-time password - Wikipedia, the free encyclopedia
A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are ...

Oregon To Consider Bill Blocking Employers From Demanding Applicants’ Facebook Passwords
The Oregon House of Representatives will hear a bill Friday that would prevent employers from demanding that job applicants reveal their passwords ...

Keeping Passwords Secure
The Facebook Security team has always kept a close eye on data breach announcements from other organizations. Theft of personal data like email ...

New Facebook Security Features: One-Time Passwords, Security Info
Facebook has launched two new security features to help users stay in control of their accounts. Users can now receive a one-time password from ...

Newest ransomware pilfers passwords before encrypting gigabytes of data
A new wave of crypto ransomware is hitting Windows users courtesy of poorly secured websites. Those sites are infected with Angler, the off-the-shelf ...

WARNING: Change your Amazon password now — Amazon suffers potential password leak
The Black Friday 2015 shopping season is upon us and Amazon's big Black Friday sale is in full swing , but some Amazon customers have received ...

Google can remotely reset the password on 74% of Android devices if it needs to
Android devices running older versions of the software can be remotely reset by Google if a court demands access to it, according to a document ...

Deutsche Bank is considering killing passwords to making online banking safer
Deutsche Bank is considering scrapping traditional passwords in favour of thumbprint technology, facial recognition, and smart tech that knows ...

Deutsche Bank test password-free security
The bank hopes the system will free customers from passwords and allow it to lift limits on mobile transactions, the FT reports.

The FTC's next chief technologist is on a quest for better passwords
Privacy issues will likely stay at the forefront of the FTC's focus next year thanks to the commission's appointment of Lorrie Cranor as its ...

Resources last updated: 12/7/2015 3:14:23 AM