Please Grade my Security

tapsemi

Mar 29, 2007
Since I have to work with a slew of different servers with different strong passwords, I am planning to install the KeePass Password Safe software (freeware) on my USB drive and use it to store and carry my passwords. KeePass allows you to save passwords controlled with a single master password. In that way, in case someone finds the USB drive, they cannot retrieve the passwords since it is encrypted (AES+Twofish). Further, the software also deletes the records after 3 failed attempts. However, I still feel unsafe with this implementation, while my boss thinks this is a perfect solution. On a scale of 1 to 10, where 10 is the most secure, what do you guys think is the safety rating of this arrangement?

t2couger

Mar 6, 2006
It does sound interesting, but I am not familiar with the encryption type. With most things it can probably be hacked, but the likelihood of somebody getting the USB device, trying to get access to it solely for the passwords that are on it, and even knowing how to hack it is extremely unlikely. The only problem I see with it is that if you don't know the passwords and you lose the device, it could be a pain in the butt.

I like the idea. Without knowing anything about the encryption type, I can firmly give it a 7, maybe 8, on security. I may even give it a try myself.

tapsemi

Mar 29, 2007
Do you mean AES and BLOWFISH?

Yes. That's what this KeePass software does to encrypt passwords. But since there is only one master password to open the list of all passwords, I am a bit skeptical.

SomeJoe7777

Apr 14, 2006
Do you mean AES and BLOWFISH?

No, he means AES and Twofish.

Blowfish is a Feistel network cipher designed by Bruce Schneier. It was examined and found to have certain weak keys that can reduce the complexity of some theoretical cryptanalytic attacks, although no one has found a way to exploit the weak keys.

Twofish is a Feistel network cipher designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. It uses some of Schneier's ideas from Blowfish, but it is not the same algorithm. Twofish was submitted to the NIST as one of several algorithms intended to replace DES. Twofish was not selected; Rijndael was selected instead and became AES.

To my knowledge, there has been no successful cryptanalytic attack against Twofish.