Please Grade my Security

Since I have to work with a slew of different servers with different strong passwords, I am planning to install the KeePass Password Safe software (freeware) on my USB drive and use it to store and carry my passwords. KeePass allows you to save passwords controlled with a single master password. That way, in case someone finds the USB drive, they cannot retrieve the passwords since it is encrypted (AES+Twofish). Further, the software also deletes the records after 3 failed attempts. However, I still feel unsafe with this implementation, while my boss thinks this is a perfect solution. On a scale of 1 to 10, where 10 is the most secure, what do you guys think is the safety rating of this arrangement?
  1. It does sound interesting, but I am not familiar with the encryption type. As with most things, it can probably be hacked, but the likelihood of somebody getting the USB device and trying to get access to it solely for the passwords that are on it, and even knowing how to hack it, is extremely unlikely. The only problem I see with it is that if you don't know the passwords and you lose the device, it could be a pain in the butt.

    I like the idea. Without knowing anything about the encryption type, I can firmly give it a 7, maybe 8, on security. I may even give it a try myself.
  2. Do you mean AES and BLOWFISH?
  3. Quote:
    Do you mean AES and BLOWFISH?

    Yes. That's what this KeePass software does to encrypt passwords. But since there is only one master password to open the list of all passwords, I am a bit skeptical.
  4. Quote:
    Do you mean AES and BLOWFISH?

    No, he means AES and Twofish.

    Blowfish is a Feistel network cipher designed by Bruce Schneier. It was examined and found to have certain weak keys that can reduce the complexity of some theoretical cryptanalytic attacks, although no one has found a way to exploit the weak keys.

    Twofish is a Feistel network cipher designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. It uses some of Schneier's ideas from Blowfish, but it is not the same algorithm. Twofish was submitted to the NIST as one of several algorithms intended to replace DES. Twofish was not selected; Rijndael was selected instead and became AES.

    To my knowledge, there has been no successful cryptanalytic attack against Twofish.