RE: Security of Password-Managers

From: Vertical Rave (
Date: 05/11/02

From: "Vertical Rave" <>
Date: Sat, 11 May 2002 03:11:11 +0000

Another way that you could keep yourself secure is to group passwords into
certain databases, with a specific seperate password for each. That way if
one password was compromised, you would still have at least another set to
be compromised before you took action.

Personally, I don't like to keep everything in one database, it may seem
like a good thing to do, but unless I come up with the largest password on
Earth to protect it, and the biggest and baddest cipher then its not going
to be possible for me :)

My two cents.
If you're looking for a good cipher, go with anything that is 128bits or
above. 1024 should be hard to crack security. If you're offered DES, dump
that and go with Triple DES.
You're not alone. I'm 16. I started working on computers at 7 before the
internet was large, so I don't have that oppertunity that you did. :)
SSNet/FreeLinuxCD Administrator

>From: "Sullivan, Glenn" <>
>To: 'Adam Shephard' <>, "'Jonas V.'"
>Subject: RE: Security of Password-Managers
>Date: Thu, 9 May 2002 15:23:18 -0400
>To "kick it up a notch" (bam!) I have borrowed from a suggestion on one of
>the security mailing lists:
>I have a password manager program (can't remember the name right now... it
>is for reference only, in case I get hit by a bus or get amnesia) but I
>two copies of the database on USB Memory Sticks. One copy is attached to
>keys, which are janitor-chained to my belt, and another copy is in the
>with rest of the critical info.
>Glenn Sullivan, MCSE+I MCDBA
>David Clark Company Inc.
>-----Original Message-----
>From: Adam Shephard []
>Sent: Wednesday, May 08, 2002 5:47 PM
>To: 'Jonas V.';
>Subject: RE: Security of Password-Managers
>I've only read a bit about Oubilette in the past but it sounded like the
>encryption provided there was not bad-Blowfish, if I remember correctly.
>However, anytime anybody can get to all your passwords by cracking one of
>them you lose a certain amount of security.
>Basically, you have to balance what you want to protect against how much
>work you need to do to protect it. If it's something that should be highly
>secure, I wouldn't use a password manager at all.
>By the way, your English is fine. Considering that you are 12 and you have
>some basic knowledge of the concepts of password security and there are
>English-speaking, network-managing adults who aren't even aware that you
>shouldn't install IIS if you don't need to serve web pages, you can speak
>any way you want!
>-----Original Message-----
>From: Jonas V. []
>Sent: Tuesday, May 07, 2002 11:37 AM
>Subject: Security of Password-Managers
>I want to use a password-manager like "Oubliette".
>Is this very insecure?
>I can choose a very hard master-password with more than 96 bits lenght.
>What encryption-algorithm and key-lenght use a program like this?
>Thanks for everything!
>Jonas Vondran <>
>Please don't laugh about my english!
>I'm german and 12 years old.

Join the world’s largest e-mail service with MSN Hotmail.