Password Safe

Discussion in 'other software & services' started by Lavender, Sep 21, 2004.

Thread Status:
Not open for further replies.
  1. Lavender

    Lavender Registered Member

    Joined:
    Sep 19, 2004
    Posts:
    7
    I have been told that the new software PasswordSafe ( can get from http://sourceforge.net/projects/passwordsafe/.) is a perfect tool to store passwords.. but I don't really trust such a product before asking experts (and that is you) ...Well, need somebody to tell how well does the PasswordSafe "solve" the passwords problem (its hard to remember them all)? is it really useful? If not, any alternatives?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I was just wondering why you couldn't create a folder in xp and put your passwords in it and encrypt it. it should be secure.
     
  3. Lavender

    Lavender Registered Member

    Joined:
    Sep 19, 2004
    Posts:
    7
    I have done that before but my evil administrator figured that out..I don't know how did he manage to do so...

    All what am trying to do here is to check if its a safty program (I mean password safe) is it safe enough as the name says!!?? does it have any weak point
     
  4. justicemaker

    justicemaker Guest

    As far as i know all password managers have at least one flaw. When you first type in your passwords to the manager they can be easily figured out if someone just puts a keystroke logger on your computer, like your administrator probably did.

    Roboform is one of the best password managers, but it still has this flaw too, as far as i know.

    Other flaws? I'm looking into that myself right now as well. I'm sure there are other flaws too, it's just a matter of discovering them.
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    As I understand it, the Blowfish encryption that Password Safe uses has never been cracked or broken. But as the above poster stated if a keystroke logger is being used, all bets are off. Do AdAware and Spybot detect keystroke loggers?

    Acadia
     
  6. justicemaker

    justicemaker Guest

    I believe Adaware and Spybot do detect very few keyloggers, so i wouldn't rely on them for detecting keyloggers. I would recommend using Spycop, Spysweeper (but in my tests Spysweeper missed many keyloggers if they were simply renamed), Pest Patrol (did ok with keyloggers, but too many false positives), Antivir (free. Did very well, even when keyloggers were renamed), A2 (free. Misses just about everything). There are many other programs for the detection of keylogggers, but i have not yet tested them. Hope this very limited list help out.
     
  7. steverio

    steverio Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    161
    I'm not sure what your need is to store PW's on a machine that is under <smile> evil administrator control. Maybe to access web or email accounts?...if so, you could look at EmailVoyager.


    Haven't used PasswordSafe but I use AccountLogin for both PW's and Logins.
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Lavender,

    Basically if your admin has physical access to your computer (whether you are there or not), your goose is cooked. It's the company's computer so they can put anything they want on it and monitor you in several ways while you are on company time. This was disscussed over here.
    They could also have the keyboard itself contain a hardware keylogger.
     
  9. Lavender

    Lavender Registered Member

    Joined:
    Sep 19, 2004
    Posts:
    7
    Whats a keylogger? is it like typing recorder!! :doubt: How?! he don't have a physical access to my computer..I guess he control everything through the server..
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    A keylogger can be a software program that is installed on a computer that remains hidden and records every keystroke you type including master passwords to password safe. There are also hardware keyloggers that are even more difficult to detect. They can be small adapter looking devices that fit inline on the end of the keyboard cable. They can also be integrated into the keyboard itself. It just depends on how much they want to spy on you. Are you sure the "Evil Admin" cannot physically access your computer when you leave work?
     
  11. Lavender

    Lavender Registered Member

    Joined:
    Sep 19, 2004
    Posts:
    7
    Alright, how to know if this kind of keylogger thing is installed or not!! does it has another name or something!!

    Again, the evil don't have access to my laptop (am supposed to carry it with me)...thats not the point, I would more likely try this Password safe or the Antivir

    Still wondering about the keylogger, how can somebody else install such a program say in my own account or computer..
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    A password manager like password safe, keepass password safe, or roboform is a very good idea. I think you should use one.
    Follow the link in post 8 for some more ideas. Since it is a laptop and you are using the laptop's keyboard, a hardware keylogger is unlikely. Whose laptop is it? Did the company give it to you with windows already setup? If so, they could have easily installed a software keylogger or other remote monitoring software. Do you connect to a LAN while at work?
     
  13. justicemaker

    justicemaker Guest

    Lavender

    I would just like to add that there is no guarantee you can find the keylogger with Antivir, (found here for free http://www.free-av.com ) if one is being used, so keep that in mind also. There are just too many keyloggers out there for one program to detect them all.

    No program designed to find keyloggers is perfect at finding them, but you will have a better chance using more that one program that detects keyloggers. Such as Spycop ( found here but not free http://www.spycop.com ) along with your anti-virus and perhaps Antivir as another opinion.

    Also, Antivir is an anti-virus, so if you already have an anti-virus on your computer make sure you disable all of Antivir's scanning features to prevent a conflict with your regular anti-virus and run only manual on-demand scans with Antivir.

    I don't know of any other way than manual inspection to find a hardware keylogger.
     
  14. Rok

    Rok Lurker

    Joined:
    Oct 22, 2004
    Posts:
    1
    I think that using password managers is realy good idea, becourse you have type your password only one time and probability that keyloggers can save this info fast decrease. After you typed your password and saved it with password manager you don't need to type this password again and this means that keyloggers cannot grab it. My choise - handypassword , it's free very usefull and secure password manager, that can save your online passwords from browser and save it in one encrypted file.
     
  15. bill2

    bill2 Guest

    It's simple enough for any programmer to make his product use one of the "unbreakable" encryption algos like CAST, IDEA,BLOWFISH,AES etc ,

    but Almost as important is the question of proper implementation. A "unbreakable" encryption is worthless if it's implemented wrongly and there are lots of ways for a program that appears to work perfectly but contains subtle flaws.

    Password safe was *originally* done by Schneier (the inventor of blowfish) so if anyone understands it, he does.

    But it's now a open source project, I dont know how good the guys who do it are.
     
Loading...
Thread Status:
Not open for further replies.