Security review for Mac password storage application?

Posted:
in Mac Software edited January 2014
I'm considering the Mac password vault called Data Guardian.

How can I be assured that the encryption is implemented properly?

Comments

  • Reply 1 of 3
    MarvinMarvin Posts: 14,232moderator
    Quote:
    Originally Posted by Timmmy View Post


    How can I be assured that the encryption is implemented properly?



    You can't really until you can see the source code of the implementation they use and be able to determine that their algorithms are sound. What you can do is use a program that allows you to relocate the program's database - 1 password has this feature:



    http://help.agilebits.com/1Password3...ox_on_mac.html



    You can then move the database onto a read/write encrypted disk image (but again, you have to trust that the encrypted disk image developers implemented their algorithms correctly too). I would expect that even if the encryption implementations in some programs are flawed, they will still provide adequate security. They are only as secure as the password you use to encrypt them anyway.
  • Reply 2 of 3
    Funny that you mentioned 1Password.

    One of the reasons that I won't use it is because its file format does NOT encrypt everything.

    It leaves the title of each entry in plaintext.



    But, even if I had the source code for an app, I don't have the programming knowledge to understand it...
  • Reply 3 of 3
    timmmytimmmy Posts: 68member
    Actually, I have looked at SlpashID and I definitely don't like it.

    It doesn't use the standard MacOS document paradigm. Instead it implements its own multi-user/multi-database system which is not consistent with the Mac OS document model.
Sign In or Register to comment.