Liquidmatrix Security Digest

PasswordSafe 3.0 vuln allows key recovery attack

The folks at ElcomSoft have discovered a flaw in the Password Safe product. PasswordSafe was originally written by security guru Bruce Schneier and has since been rolled into an open source project. It lets a user save passwords in an encrypted database that can reside on the local system or on a USB key.

However, there is an even more serious security flaw in version 3.0,
which allows recovery of the 256-bit database encryption key in a
reasonable time (under certain conditions). And with the recovered
encryption key, it is possible to decrypt all database records (logins,
passwords, etc.) without the master password (the so-called “Safe
Combination”).

Fun and games.
