I don't know the specifics of Oubliette, but is there also potential that it might intentionally share your passwords? Gator has some similar functionality and does "phone home" for undisclosed actions. So far I have only seen evidence of checking for updates of the software and/or ads, but it still worried me enough to uninstall after taking a look. Having a UNIX box on the wire during boot is a good way to sniff for this type of activity.
Has anyone reverse engineered or gotten a copy of the code and looked for this? Also, I agree with Adam, your written English is better than many of the other emails I get a day written by persons to whom English is the first (or only) language! I respect that. Steve Vawter UNIX SYSTEM ADMINISTRATOR Zone Labs, Inc. 1060 Howard Street San Francisco CA 94103 ph 415-341-8323 fax 415-341-8299 cell 510-409-9184 pager 877-933-0549 -----Original Message----- From: Adam Shephard [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 08, 2002 2:47 PM To: 'Jonas V.'; [EMAIL PROTECTED] Subject: RE: Security of Password-Managers Jonas, I've only read a bit about Oubilette in the past but it sounded like the encryption provided there was not bad-Blowfish, if I remember correctly. However, anytime anybody can get to all your passwords by cracking one of them you lose a certain amount of security. Basically, you have to balance what you want to protect against how much work you need to do to protect it. If it's something that should be highly secure, I wouldn't use a password manager at all. By the way, your English is fine. Considering that you are 12 and you have some basic knowledge of the concepts of password security and there are many English-speaking, network-managing adults who aren't even aware that you shouldn't install IIS if you don't need to serve web pages, you can speak any way you want! Adam -----Original Message----- From: Jonas V. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Security of Password-Managers Hello!! I want to use a password-manager like "Oubliette". Is this very insecure? I can choose a very hard master-password with more than 96 bits lenght. What encryption-algorithm and key-lenght use a program like this? Thanks for everything! Jonas Vondran <[EMAIL PROTECTED]> Please don't laugh about my english! I'm german and 12 years old.
