![]() There are people who still resent having to lock the front door of their house as well, and I totally get that. Of these, the PasswordSafe format was by far the strongest, and the only one resilient against all of the writer's proposed attacks.Blame the necessity on those who want your stuff without having to pay for it. The paper reviewed 9 different password database formats: It is referenced in the above paper, if anyone wants to have a go at it. There is a longer paper by the same authors that delves into the actual mathematical analysis of that file format I have only found it on academic sites that charge for downloading a paper, so I haven't read it yet. At the time of this writing, it is available online at, but I don't know how long that link will be live. One analysis of the Password Safe file format can be found in the paper, "On The Security of Password Manager Database Formats," by Gasti and Rasmussen. Here is some additional information, not meant to detract from the previous excellent answers. Scheneier's banter about speed of Twofish is just an old piece of commercial advertisement which made sense 15 years ago when Twofish was involved in the AES competition (but, ultimately, Rijndael won and became "the AES"). 3DES is "slow" which means that decrypting all your stored password would take 500 microseconds instead of 50 with a faster algorithm - but you would not see the difference anyway. In practice, the encryption speed is not important. ![]() I have not looked what Password Safe employs for that step, but usual recommendations are bcrypt and PBKDF2. When doing the slowness in the password hashing step, on the other hand, you can make things more equal between you and the attacker. In other words, if the encryption itself was slow, you would not be able to make it as sow as you would wish, and the attacker would not be much thwarted. On the other hand, the attacker only has to decrypt the first block or so to quickly rule out wrong passwords. If the encryption was inherently slow, then it would be very slow for you, because encryption time is proportional to the size of the data to encrypt or decrypt. Salts and configurable slowness, the two mantras of good password processing, are to be applied on step 1, not step 2. The encryption algorithm is applied to whatever data is to be encrypted.The password is transformed into a key suitable for the symmetric encryption algorithm which is to be used.When doing encryption while using a password as key, there are two phases: If you had say a 6 word diceware passphrase (77 bits of entropy) it would take 100 billion years of today's CPU time to break. Eight random characters (upper/lowercase + numbers) ~ 2 47 ~ 10 14? The quoted benchmark may take ~10 microseconds (10 -5 s) to try one password so you could try 10^14 passwords in a 10 9 s ~ 100 years of CPU time which is in the realm of feasibility for say gov't to eventually break. You probably should be using a passphrase. However, you mention you have a complex password. There have been no extensions to these results since they were "But even from a theoretical perspective, Twofish isn't even remotelyīroken. Wikipedia lists some progress on attacks of twofish, but concludes by quotes the first author of the a decades old published partial attack: (these are benchmarks for encryption but should be similar). The time necessary to check a single passphrase of twofish and DES are both similar (see time/cycles to set up key and IV - initialization vector): I think that Password Safe now supports something like the work factor of bcrypt, but if I'm going to use the Spolsky method of sharing my file between computers with Dropbox, I want to be very sure that, if it fell into the wrong hands, nobody would be able to brute force it.Īssuming I've chosen a complex password, how secure is the encryption on these files?īy fast, they mean once you've set up a decryption key (e.g., entered your passphrase), you can decrypt a large or small file very quickly. I want it to be very difficult to brute force my password file, so I want the decryption be relatively slow. Password Safe protects passwords with the Twofish encryptionĪlgorithm, a fast, free alternative to DES.Īlthough I respect Schneier, the "fast" encryption part gives me pause. Password Safe was created by Bruce Schneier, who said the following about it: They use the same file format, so you can alternate between the two, using the same file, as Joel Spolsky recommended. Both store a list of user passwords in a file, which is encrypted using a master password. Password Safe and Password Gorilla are both programs to manage passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |