![]() |
|
|
|
|
|||||||
| Forums | Portal | Register | Forum Rules | FAQ | Contribute | Members List | Arcade | Search | Today's Posts | Mark Forums Read |
| UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !! |
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Password Strength Analyser and Generator library 1.3.0.1 (Default branch) | iBot | Software Releases - RSS News | 0 | 05-29-2008 07:00 PM |
| User name and password encryption | satguyz | High Level Programming | 5 | 02-23-2007 08:10 AM |
| File password protection/encryption | rdudejr | AIX | 2 | 07-09-2006 03:43 PM |
| Password encryption/decryption in flat-text files | domivv | High Level Programming | 2 | 03-04-2005 07:38 AM |
| Zipping with password or encryption | dsimpg1 | UNIX for Dummies Questions & Answers | 2 | 09-20-2001 09:57 PM |
|
|
Submit Tools | LinkBack | Thread Tools | Display Modes |
|
#1
|
|||
|
|||
|
Password safe encryption strength
I'm not sure if this is the right forum for this or not but we use a program called "Password Safe" to store the many root passwords we have for our Unix system.
Now we are being called out by our security team to prove that this is a safe program to use. So far I have been able to determine that this program uses the Blowfish encryption algorithm but cannot determine the strength of the encrytpion. All I have found is that Blowfish uses a 64-bit block cipher and has a variable key length of 32 bits to 448 bits. Does anyone know what strength Password Safe is using? |
| Forum Sponsor | ||
|
|
|
#2
|
||||
|
||||
|
Strength, in relation to a crypto algorithm, is not a quality that has number. Blowfish is considered better than DES by most folks. The 32 bit to 448 bit key length is determed by you. To get stuff out of the safe, the program must prompt you for a password. Is your password 4 characters? If so you are using a 32 bit key. A password that short is easily guessed. Blowfish can handle a 56 character password which is 448 bits.
Actually ascii is a 7 bit code. For most of us, 7 bits is really all we get per password character. Since we probably don't use control characters, it is really less than that. Longer passwords mean more security. That is the real problem with Unix passwords... 8 characters is not enough today. I hope you're using a nice long password. A statement like: "The program is open source and code is on sourceforge. It uses Blowfish and we use a password that is at least 12 characters." would constitute proof as far as I'm concerned. If they think that is not good enough, I would want to see their proof of that. Rather long passwords in conjunction with proof that Blowfish is in use should be enough to satisfy your security people. |
||||
| Google The UNIX and Linux Forums |