Security review for Mac password storage application?
I'm considering the Mac password vault called Data Guardian.
How can I be assured that the encryption is implemented properly?
Comments
How can I be assured that the encryption is implemented properly?
You can't really until you can see the source code of the implementation they use and are able to determine that their algorithms are sound. What you can do is use a program that allows you to relocate the program's database - 1Password has this feature:
http://help.agilebits.com/1Password3...ox_on_mac.html
You can then move the database onto a read/write encrypted disk image (but again, you have to trust that the encrypted disk image developers implemented their algorithms correctly too). I would expect that even if the encryption implementations in some programs are flawed, they will still provide adequate security. They are only as secure as the password you use to encrypt them anyway.
One of the reasons that I won't use it is because its file format does NOT encrypt everything.
It leaves the title of each entry in plaintext.
But, even if I had the source code for an app, I don't have the programming knowledge to understand it...
It doesn't use the standard MacOS document paradigm. Instead it implements its own multi-user/multi-database system which is not consistent with the Mac OS document model.
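A black-box check for the plaintext-title concern raised in the comments above, added here as an example and not posted by anyone in the thread: store an entry whose title and password are unique marker strings, then search the vault file for them. The marker strings, the `VLT1` header and the sample bytes are constructed for illustration and do not reflect any real vault format.

```python
"""Search a password-vault file for known marker strings stored unencrypted."""
import sys

# Text encodings an application might use when writing strings to disk.
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")


def find_plaintext(data, markers):
    """Return {marker: [(encoding, offset), ...]} for each marker present in data."""
    hits = {}
    for marker in markers:
        for enc in ENCODINGS:
            needle = marker.encode(enc)
            pos = data.find(needle)
            while pos != -1:
                hits.setdefault(marker, []).append((enc, pos))
                pos = data.find(needle, pos + 1)
    return hits


def scan_file(path, markers):
    """Read the vault file as raw bytes and look for the markers."""
    with open(path, "rb") as fh:
        return find_plaintext(fh.read(), markers)


def constructed_sample():
    """Constructed bytes: a title left in the clear, followed by opaque bytes
    standing in for ciphertext. Not a real file format."""
    header = b"VLT1"
    clear_title = "ZZTITLE-7f3a".encode("utf-16-le")
    opaque_body = bytes(range(200, 232))
    return header + clear_title + opaque_body


if __name__ == "__main__":
    # Usage: python check_vault.py <vault-file> <marker> [<marker> ...]
    if len(sys.argv) >= 3:
        result = scan_file(sys.argv[1], sys.argv[2:])
    else:
        result = find_plaintext(constructed_sample(),
                                ["ZZTITLE-7f3a", "ZZSECRET-91bc"])
    for marker, found in result.items():
        for enc, offset in found:
            print(f"LEAK: {marker!r} found as {enc} at byte offset {offset}")
    if not result:
        print("No markers found in the encodings checked.")
```

A hit proves that field is stored unencrypted. No hit only shows the markers are not readable in the encodings checked; it says nothing about whether the encryption itself is sound.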