AceBIT

I would be interested in buying your software (password depot), but I am a bit confused about what kind of encryption are you really using.

In fact you mention that you use "encryption algorithms LIKE BlowFish and Rijndael", that means that you are not using blowfish or Rijndael but something similar.

Would it be possible to have more non-confidential technical details about your encryption(e.g. 448bit, etc...)?

Thanks
Fabio

We're using both of them. All password files are encrypted twice.

Deleted passwords are deleted permanently, so that the can't be restored with the best known methods.

For security reasons we won't tell more, but I can say the bit rate is very high.

What a joke. You just lost any chance of having my business.

If you used good methods and technology, it wouldn't matter how much information you gave out. Being secretive just raises doubts about how well security has been implemented in Password Depot, not to mention what security (or lack thereof) was implmeneted in the first place!

Security through obscurity is a farce. Give it up. The bit rate of the encryption used is not the most important thing. Are you encrypting data in memory, or is it plaintext? Do you clear the clipboard after sensitive data is copied to it? What hash algorithm do you use for passwords? When the master password is changed, is all data re-encrypted, or is the header merely changed to reflect the new hash?

Oh, I know--these are all "secret". Yeah, so is my credit card number where you're concerned.

Sure you can get answers to your questions, but yo have not asked for this things in your last posting, so I'm sorry for this lack of informations:



The datas are encrypted in memory, too.



Yes, there is an option where users can select how long the datas stay in clipboard. After that time the datas are removed from the clipboard



All datas are reencrypted after the change of your master keyword.

I tend to agree.
I have spent the last few hours searching for the 'right' tool to manage my login and password information. This utility looked as though it had the best potential so far. Still, one of my prerequisites was that it had to have encryption at least equivalent to 448-bit BlowFish.

That is not the only factor but it IS a big one. Double-encryption of a 128-bit Blowfish with a 56-bit encryption standard (I know it is likely 128 but since I have to guess...) just doesn't fill me with that "warm-fuzzy" that I am looking for. Now if you want to impress me tell me that it is double-encrypted with 448-BF and then another 128-256-bit encrytpion. (let's have anyone who manages to decrypt the original level face a tougher game just when they though they were through)

So - with the understanding that 128 * 128 encryption does NOT equal 448 encryption - is your encryption method at least equal to 448-bit Blowfish?

Thanks

Hank S.

We get more security with the use of wo completly different encryption methods (Blowfish AND Rjindael) then using one with highest possible bit rate. So we get more security then would be possible with using only Blowfish 448 bit encryption.

As Password Depot uses two stong encrytion mehtods it is nearly impossible (nearly because every electronicly encrypted file can be hacked, 100% security is not possible with current technologies) to crack the algorhythm if your Master Password is long enough (we suggest to use 8 digits or more long master-passwords containing special characters as well as letters and numbers).