June 17, 2005


Password Safe: Bruce Schneier's Blowfish Utility

Keeping track of passwords and user IDs is tedious; doing so securely seems almost impossible. Numerous commercial products have pretended to solve the problem, but all that I've seen have fallen short in security, convenience, or both. Bruce Schneier -- a well-known security consultant, author of the classic security tome Applied Cryptography, and the creator of the Blowfish encryption algorithm -- has released to the open-source community his own personal password management tool called Password Safe.

Password Safe runs on both Windows and Pocket PC operating systems from either the local hard drive or a removable USB thumb drive. Schneier's company, Counterpane Labs, verified the program's security, and the source code is available for public scrutiny on SourceForge. The program is easy to use: it works through the Windows copy/paste buffer. After gaining access to Password Safe through your master password, you click on the password entry you want to copy and then paste the associated user ID and password into the log-in screen or other authentication interface. This has the benefit of being both simple and secure from shoulder-surfing attacks.

The utility also sports an auto-type feature that generates the actual keystrokes required to fill a user ID and password field, letting you avoid the copy/paste step altogether. And for creating secure passwords on the spot, Password Safe incorporates a policy-driven password generator that produces secure passwords resistant to dictionary and other brute-force attacks.

Password Safe includes a thorough, HTML-based user guide that you can view readily in any Web browser.

http://passwordsafe.sourceforge.net/.

Posted by Mel Beckman at June 17, 2005 9:50 AM