10-19-2005
Password safe encryption strength
I'm not sure if this is the right forum for this or not but we use a program called "Password Safe" to store the many root passwords we have for our Unix system.
Now we are being called out by our security team to prove that this is a safe program to use. So far I have been able to determine that this program uses the Blowfish encryption algorithm but cannot determine the strength of the encrytpion. All I have found is that Blowfish uses a 64-bit block cipher and has a variable key length of 32 bits to 448 bits. Does anyone know what strength Password Safe is using?
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
In unix, i know the password encrypt by using salt
But how does it work? And how windows protect its password?
Thank you for helping in advance (5 Replies)
Discussion started by: cryogen
5 Replies
2. Cybersecurity
I need to periodically run a check on the passwords of the users (Redhat 5.0) to verify that all passwords meet minimal standards. I remember seeing a script years ago that grabbed the encrypted passwords from the file and checked if they matched any of the encrypted strings in another file, plus... (1 Reply)
Discussion started by: tlynnch
1 Replies
3. UNIX for Dummies Questions & Answers
For moderator: I made a new thread in a proper part of the forum now https://www.unix.com/homework-coursework-questions/137119-user-processes.html
But now i wan't to make something which isn't related to a homework, so i hope
you won't close this one. Thanks to those two answers, you helped me!... (9 Replies)
Discussion started by: petel1
9 Replies
4. Shell Programming and Scripting
Hi, I have a Java app that looks for some parameters in a .properties file such as username and password. However I don't want to leave the password in a text file and I can't modify the app...
Does anyone have some idea about how to encrypt/hide/etc the password so it's not freely accessible... (1 Reply)
Discussion started by: Tr0cken
1 Replies
5. Cybersecurity
Hello, on my android device my app autosaves my password and it encrypts by TLS
im not politically exposed person, just regular entrepreneur. Should i worry if i loose my phone with TLS encrypted password? Or regular mortals or casual hackers are not able to crack it? (4 Replies)
Discussion started by: postcd
4 Replies
6. UNIX for Dummies Questions & Answers
if I change my password on two different servers, using the same string but the encrypted password in /etc/passwd look different.
If I copy an entry from one /etc/password to the other server. I can still log in to both servers using the same password. Only now both /etc/passwd entries are... (2 Replies)
Discussion started by: C0ppert0p
2 Replies
7. Shell Programming and Scripting
I am working on a script where we are using sqlplus command to connect to Oracle DB. But the schemaname and password used for sqlplus authentication, have to be hardcoded in the script.
DBconnection=scott/tiger@SID
sqlplus $DBconnection
Here any user who reads the script can read the... (1 Reply)
Discussion started by: max29583
1 Replies
LEARN ABOUT DEBIAN
password-gorilla
PASSWORD-GORILLA(1) General Commands Manual PASSWORD-GORILLA(1)
NAME
password-gorilla -- a password manager
SYNOPSIS
password-gorilla
DESCRIPTION
The Password Gorilla helps you manage your logins. It stores all your user names and passwords, along with login information and other
notes, in a securely encrypted file. A single "master password" is used to protect the file. This way, you only need to remember the single
master password, instead of the many logins that you use.
If you want to log in to a service or Web site, the Password Gorilla copies your user name and password to the clipboard, so that you can
easily paste it into your Web browser or other application. Because the password does not appear on the screen, Password Gorilla is safe to
use in the presence of others.
The convenience of Password Gorilla allows you to choose different, non-intuitive passwords for each service. An integrated random password
generator can provide one-time passwords, tunable to various services' policies.
FILES
The program creates a configuration file .gorillarc in the homedirectory of the user.
REPORTING BUGS
Bugs can be reported through the Debian Bug Tracking System at http://bugs.debian.org.
AUTHOR
Author of password-gorilla is Frank Pilhofer <fp@fpx.de>
This manual page was written by Patrick Schoenfeld <schoenfeld@in-medias-res.com> for the Debian system (but may be used by others). Per-
mission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later
version published by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
PASSWORD-GORILLA(1)