WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Password Safe. Using Bcrypt  (Read 2411 times)

Offline spence91

  • Jr. Member
  • **
  • Posts: 80
Password Safe. Using Bcrypt
« on: August 20, 2012, 07:34:17 AM »
I was browsing the TCL forums and saw a request from user 'Netmonad' for a new extension for the 'pwsafe' application.
Here: http://forum.tinycorelinux.net/index.php/topic,13877.0/topicseen.html

It's not immediately obvious what encryption is used, but it got me thinking about what I currently use - a simple text file with usernames and passwords (comma seperated) which is then encrypted with bcrypt - the one that is standard in TCL. I do this because it's simple and compatible with all my electronic devices (android, windows, ARM linux, x86 linux etc etc).

To get a password, I decrypt to stdout and grep. To edit, I decrypt to RAMDisk, edit and then encrypt again, so nothing in plain text gets written to disk.

I'd like to know what people's opinion is on the safety of this, and bcrypt in general.
What do you guys use?

(Edited for clarity.)
« Last Edit: August 20, 2012, 08:55:19 AM by spence91 »

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 10993
Re: Password Safe. Using Bcrypt
« Reply #1 on: August 20, 2012, 07:48:20 AM »
I use openssl's blowfish, though my file doesn't contain usernames or passwords, it merely contains lines of "site: password hint".

The safety of your operation sounds good. Remember that bcrypt shreds the original file N times after encrypting, so there is nothing recognizable in your RAM at that spot after power off.

Possible vectors to your operation would be swap, and of course owning the machine.

--

The bcrypt app has one weak point, to gain the 448-bit key it repeats your password until it's long enough. So if your password was "bear" the resulting key would be "bearbearbear..." up to 448 bits.

This is only a downside if you happen to have a cyclic password, then it can be decrypted only using the smallest portion.
The only barriers that can stop you are the ones you create yourself.