The Flexomizer

Dave Whitney's Random Thoughts


Free Password Safe

This is a followon to Counterpane Systems' free product Password Safe. It's a nifty tool, but it didn't do a few things that I wanted.

Then the source code was made available. I glanced at it and noticed that:
  • it was a lot of code (more than seems necessary) and
  • it had a few (minor) cryptographic mistakes.
Mostly because I was interested in writing my own version, I set off. This is written in C#, and uses the Microsoft .Net Framework. It's a bit smaller (well, tremendously larger if you count the framework download against it), and has several additional features:
  • All Unicode, all the time.
  • Uses the AES-256 (Rijndael) algorithm to encrypt everything.
  • Encryption is indirected: each string is encrypted using its own randomly generated key, and the keys are then encrypted using your passphrase.
  • All data is kept encrypted in memory and is only decrypted exactly when needed. Counterpane's version kept all the data in memory in an unencrypted state. Note, however, that my keeping things encrypted is only a minor security enhancement as the master decyption key itself (not your passphrase) must be kept in memory at all times and so a very determined hacker may yet still be able to extract sensitive data.
  • Files are stored as XML, which leads to future extensions without hackiness in the file format.
  • Can load/save to a web site (if you have permissions on the web site and the site supports the WebDAV verb 'PUT').
  • Can import v1.x Password Safe files.
  • Keeps password generation rules per entry (ie, this web site only allows lower case letters and numbers, and must be 8 characters long, etc).
  • Keeps a website per entry, and lets you directly launch the site from within Password Safe.
  • Keeps a secondary password per entry, for those sites that require another password to do certain things (stock trading sites usually have a trading PIN in addition to your account login).
  • Item categories. Distinguish between online stores and your online financial services. Keep credit card info seperate from product keys.
  • Keeps a password and PIN history per entry.
Future Features:
  • Nothing Planned at this time.

Bugs fixed:

  • No more opening the window offscreen! The window will now always open up fully on-screen.
Download Password (55KB, x86/x64, 4 Aug 2009)

Comments (5) -

John McKenzie
John McKenzie

When opening Password Safe the application opens off the viewable screen in the upper left hand corner as if I had a second monitor. I need to rt. click the taskbar then move it back to the viewable area. Got any suggestions to fix this?


Dave Whitney
Dave Whitney

Is this when re-opening a previously saved file? It saves the window coordinates in the password file when you save it, and so there may be mungled up data there. Open the file, set the window where you want it, then save the file again. That should fix it.


Hi David!  Any chance of making your version of Password Safe also available as open source (I'd like to build it for Windows Mobile).  Thanks.


I'd be interested in the source for this too. I need better pw storing features, but don't want to get locked into one that is closed source. thanks!


I'm actually reengineering it for Windows 8 and Windows Phone 8 (and the fact that I've become a better programmer too). The source is going to change quite a bit.

As for your curiosity about how it works, you can decompile it using a variety of available tools.


Add comment

  Country flag

  • Comment
  • Preview