31. December 2005 19:58
This is a follow-on to Counterpane Systems' free product Password Safe. It's a nifty tool, but it didn't do a few things that I wanted.
Then the source code was made available. I glanced at it and noticed that:
- it was a lot of code (more than seems necessary) and
- it had a few (minor) cryptographic mistakes.
Mostly because I was interested in writing my own version, I set off. This is written in C#, and uses the Microsoft .NET Framework.
It's a bit smaller (well, tremendously larger if you count the framework download against it), and has several additional features:
- All Unicode, all the time.
- Uses the AES-256 (Rijndael) algorithm to encrypt everything.
- Encryption is indirected: each string is encrypted using its own randomly generated key, and the keys are then encrypted using your passphrase.
- All data is kept encrypted in memory and is decrypted only at the moment it is needed. Counterpane's version kept all the data in memory in an unencrypted state. Note, however, that keeping things encrypted is only a minor security enhancement: the master decryption key itself (not your passphrase) must be kept in memory at all times, so a very determined hacker may still be able to extract sensitive data.
- Files are stored as XML, which leads to future extensions without hackiness in the file format.
- Can load/save to a web site (if you have permissions on the web site and the site supports the WebDAV verb 'PUT').
- Can import v1.x Password Safe files.
- Keeps password generation rules per entry (i.e., this web site only allows lower case letters and numbers, and must be 8 characters long, etc).
- Keeps a website per entry, and lets you directly launch the site from within Password Safe.
- Keeps a secondary password per entry, for those sites that require another password to do certain things (stock trading sites usually have a trading PIN in addition to your account login).
- Item categories. Distinguish between online stores and your online financial services. Keep credit card info separate from product keys.
- Keeps a password and PIN history per entry.
- Nothing Planned at this time.
Download Password Safe.zip (55KB, x86/x64, 4 Aug 2009)
- No more opening the window offscreen! The window will now always open up fully on-screen.
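
The indirected encryption from the feature list (a random key per string, with the keys encrypted under a master key) can be sketched as follows. This is an added example, not the program's own code: the GCM mode, the PBKDF2 derivation and iteration count, the blob layout and the names `Box`, `Seal`, `Open` and `Kdf` are all assumptions, and it targets .NET 8 rather than the original .NET Framework.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values; GCM, PBKDF2 and the blob layout are assumptions.
byte[] salt = RandomNumberGenerator.GetBytes(16);
byte[] master = Kdf("old passphrase (constructed)", salt);

// Encrypt one string under its own random key, then wrap that key.
byte[] entryKey = RandomNumberGenerator.GetBytes(32);
byte[] sealedText = Box.Seal(entryKey, Encoding.UTF8.GetBytes("pässwörd-123"));
byte[] wrappedKey = Box.Seal(master, entryKey);
CryptographicOperations.ZeroMemory(entryKey);

// Decrypt only when needed: unwrap the key, open the string, wipe the key after use.
byte[] k = Box.Open(master, wrappedKey);
Console.WriteLine(Encoding.UTF8.GetString(Box.Open(k, sealedText)));

// Passphrase change: re-wrap the 32-byte key; sealedText is untouched.
salt = RandomNumberGenerator.GetBytes(16);
wrappedKey = Box.Seal(Kdf("new passphrase (constructed)", salt), k);
CryptographicOperations.ZeroMemory(k);

static byte[] Kdf(string pass, byte[] kdfSalt) =>
    Rfc2898DeriveBytes.Pbkdf2(pass, kdfSalt, 600_000, HashAlgorithmName.SHA256, 32);

static class Box // blob = nonce (12) || tag (16) || ciphertext
{
    const int N = 12, T = 16;

    public static byte[] Seal(byte[] key, byte[] plain)
    {
        byte[] blob = new byte[N + T + plain.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, N)); // fresh nonce per call
        using var gcm = new AesGcm(key, T);
        gcm.Encrypt(blob.AsSpan(0, N), plain, blob.AsSpan(N + T), blob.AsSpan(N, T));
        return blob;
    }

    public static byte[] Open(byte[] key, byte[] blob) // throws if key or data is wrong
    {
        byte[] plain = new byte[blob.Length - N - T];
        using var gcm = new AesGcm(key, T);
        gcm.Decrypt(blob.AsSpan(0, N), blob.AsSpan(N + T), blob.AsSpan(N, T), plain);
        return plain;
    }
}
```

As the feature list notes, `master` still has to stay in memory for the whole session, so the per-entry wiping narrows the exposure window without removing it.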