Other Dialogs
About CounterpaneHow many passwords and user names do you have to keep track of? Chances are that the answer is "lots." It was bad enough when you only needed a password to access your network or shell account; now many websites want passwords too. Most people resort to keeping a written list of passwords (unsafe) or using the same password on many systems (very unsafe). Now, with Password Safe, you can keep a master list of passwords securely encrypted on your computer. A single Safe Combination unlocks them all.
Password Safe protects your passwords with Bruce Schneier's Blowfish algorithm, a fast, free alternative to DES and IDEA. Details on the Blowfish algorithm, including speed comparisons and an extensive list of products that use Blowfish, are available at http://www.counterpane.com/blowfish.html
Password Safe allows you to have any number of different password databases. For example, you can store your website passwords in one, your Unix account passwords in another, etc. Don't forget to backup your various databases often. If you wish to have only one database, no problem. Password Safe will take care of all the detail for you and you don't need to bother with any of the file handling commands.
Getting Started
You can start protecting your passwords with Password Safe in three easy steps.
When you first start up Password Safe, it will ask you to create a combination. The combination is just like a password; it can include letters and punctuation as well as numbers. Your safe combination keeps all your other passwords safe, so don't use something that's easy to guess -- especially if someone else could get access to your computer. Safe combinations are case sensitive; "e;hello"e; is different from "e;HELLO"e;.
When you've chosen your combination, type it in the box marked "Safe Combination," then again in the box marked "verify." Then click OK. The OK button will only be activated if you typed the same Safe Combination both times.
Whenever you start up Password Safe, it will reopen (with the proper password, of course) the last open password database. If this database cannot be found, you will be able to browse for another one or create a new blank database.
After you've created your combination, you can start entering passwords. Just select the menu item titled Add Entry or click the toolbar button. Enter the name of the service this password is for, your username on that service (if any), and then the password itself. You can also set a default username in the Options dialog box.
You can use the "Notes" field to enter any other information you need to remember about the service -- phone numbers, URLs, etc.
To copy a password to the Windows clipboard, just double-click on the desired title. Or you can highlight the tile and select the Copy Password to Clipboard menu item. You can then paste the password into whichever Windows application requires it. (If the application does not provide a Copy command on its menu, you can still paste by hitting Control-V or Shift-Insert.)
The clipboard will be cleared when you close Password Safe.
Password Safes main window shows the entries in a list. The first time this list is shown there will be columns for the title, username and notes although the password can also be shown if desired by setting an option.
The menu bar options are described in the following sections:
File MenuNew...
This option allows you to create a new password database.
Open...
Select this menu item open a different password database. You will be prompted to save the current database if necessary/desired. You can see the name of the current database at the top of the main window.
Recent files
Password safe remembers the four most recently opened password databases, these are available for selection here. If you choose one of these files you will be prompted for its password, and if entered correctly the current database will be closed, after saving it if necessary, and the new database will be displayed.
Save
Select this menu item to save the current password database.
Save As...
Select this item to save the current password database under a different name. A version under the old name (without the most recent changes) will still exist.
Exit
Exits Password Safe. You will be prompted to save the current database if necessary
Edit Menu
Select this menu item to add a password to the current database.
Select this menu item to view or change a password you've entered.
Delete Entry
To delete an item, highlight its title and select this menu item. You will be asked to confirm deletion of the item if the Confirm deletion of items option is checked.
Find Entry
To search for an entry that contains the given text in any field except the password.
Copy Password to Clipboard
To copy a password to the Windows clipboard, just double-click on the desired title. Or, you can highlight the title and select the Copy Password to Clipboard menu item. You can then paste the password into whichever Windows application requires it. (If the application does not provide a Copy command on its menu, you can still paste by hitting Control-V or Shift-Insert.)
The clipboard will be cleared when you close Password Safe.
Copy Username to Clipboard
To copy a username to the Windows clipboard, highlight the title and select the Copy Username to Clipboard menu item. You can then paste the password into whichever Windows application requires it. (If the application does not provide a Copy command on its menu, you can still paste by hitting Control-V or Shift-Insert.)
The clipboard will be cleared when you close Password Safe.
Clear Clipboard
To securely clear a password from the Windows clipboard, select the Clear Clipboard menu item. If another application has copied data to the clipboard, the clipboard will not be cleared.
Manage Menu
Change Safe Combination
Select this menu item to change the Password Safe combination for the current database. Type the combination in the box marked "Safe Combination," then again in the box marked "verify." Then click OK. The OK button will only be activated if you typed the same Safe Combination in the same case both times.
Make Backup
Choose this item to make a backup of the current password database.
Restore from Backup
Select this menu item to restore a previously made backup of a database. The restored version will be unnamed. You will have to give it a name in the Save As dialog if you wish to keep it.
Update V1.1 Backups
Choose this item to convert Version1.1 backup files to the new format. This simply adds a .bak extension to the file if it does not already have it. A list of altered backups and their location will be displayed, and you will have the option of saving this list to disk. Password Safe will also delete references to backups that no longer exist.
Options
Select this menu item to set these options.
Help Menu
Get Help
Shows this help file.
About Password Safe
Shows brief details about Password Safe.
Options Dialog
The options dialog allows you to customise the way that Password Safe works. There are five tabs of related options that are described in the following sections:
Display Tab
Always keep Password Safe on top
If this option is checked, Password Safe will be kept on top of all other windows. This option is disabled on Pocket PC.
Show password in display list
If this option is checked, an extra column will be added to the main display to show the password.
Show password by default in edit mode
If this option is checked, the password will not be initially obscured by asterisks in the Edit/View window.
Double-click shows password
This option controls what happens when an item in the password list is double-clicked. If checked then a dialog will be displayed showing the password for the item. If unchecked the password will copied to the clipboard.
Security Tab
Clear the clipboard when minimized
If you check this option, the clipboard will be cleared when you minimize Password Safe.
Lock password database on minimize and prompt on restore
If you check this option, sensitive information such as your safe combination and the names of the items will be cleared from memory when Password Safe is minimized. When Password Safe is restored, you will be prompted for the Safe Combination.
Confirm password database save on minimize
If you check this option, Password Safe will remind you when it automatically saves the password database on minimize. Unchecked, the password database will be automatically saved.
Confirm item copy to clipboard
If you check this option, Password Safe will notify you when a password is copied to the clipboard. Once you've gotten used to how Password Safe works, you will probably want to uncheck this option.
Password Policy Tab
Default password length
This option sets the number of characters that will be generated when a random password is generated in the Add or Edit entry dialogs.
Use lowercase letters
If this option is checked, lower case letters will be used in the generated password.
Use uppercase letters
If this option is checked, upper case letters will be used in the generated password.
Use digits
If this option is checked, digit characters will be used in the generated password.
Use symbols
If this option is checked, certain symbol characters, such as &, %, $ and so forth, will be used in the generated password.
Use only easy-to-read characters
If this option is checked then certain characters such as O (oh) and 0 (zero) will be omitted from the generated password.
Username Tab
Use default username
If this option is checked, the username entered in the field below will not be displayed in the main list box, and will automatically be inserted into the username field in the Add dialog box.
Query user to set default username
If this option is checked, whenever you enter a username for a new item and there is no default username, you will be prompted to set it as the default username if desired. See above for more information about default usernames.
Misc Tab
Confirm deletion of items
When this option is checked, Password Safe will confirm that you want to remove the selected item when you issue the Delete command.
Save database immediately after Edit or Add
If this option is checked, Password Safe will automatically save the password database whenever an entry is added or changed.
Add DataIn this window, you can add a new entry to the current database. Enter the name of the service this password is for in the box marked "Title" and your username on this service (if any) in the box marked "Username." If you have entered a default username, it username will be automatically entered in this field. Then enter the password itself in the box marked "Password." You can use the "Notes" field for any other information you need to remember about this item -- such as a URL or phone number.
You can leave the username and notes fields blank, but you must enter data in the title and password fields.
Note that the entry for this item in the list in the main dialog with be the service name and user name separated by a dash.
Edit/View DataIn this window, you can change the information you've stored for an entry. By default, the password will be replaced with a line of asterisks. To view your existing password, hit "Show Password."
If you make a mistake and want to leave this window without saving your changes, hit "Cancel." To save changes, click the "OK" button.
Copy Password to ClipboardThis dialog lets you know that the password you've selected has been copied to the clipboard. You can now paste it directly into the application, dialog, or Web form that needs a password.
If you're pasting the password into a dialog, you probably won't have a Paste command available, but you can still paste using the keyboard shortcuts control-V or shift-insert.
Safe Combination ChangeUse this window to change your Safe Combination for the current database. You will need to enter the old Safe Combination, then enter the new combination twice. The combinations will be masked by asterisks. The combinations are case sensitive; the safe combination "e;hello"e; is different from "e;HELLO"e;.
Safe Combination EntryThis window appears when you start up Password Safe and whenever you open a different database or restore a backup. Enter your safe combination and click OK. Safe combinations are case sensitive; "hello" is different from "HELLO".
If you enter the safe combination incorrectly three times, the Safe Combination Entry Error window will appear. This window lets you try to open another database or start a new one.
Safe Combination Entry ErrorThis window appears if the Safe Combination has been entered incorrectly three times. If you just mistyped your safe combination, you can choose to try again. You can also choose to browse for another database to open or to create another, completely new, database.
If you've forgotten your safe combination, just leave that database for now. You'll be able to reopen this database later if you remember your combination. Unfortunately, nothing can be done if you forget your password entirely. The security of this system rests on the fact that the database cannot be recovered without the password.
Delete Confirmation DialogClick yes to delete the selected entry. Click no if you don't want to delete it.
Safe Combination EntryThis window appears when you create a new database, either from the initial dialog when you start Password Safe, or when you select New... from the file menu
Enter the combination for the new database and in the confirmation box. You will be warned if the two passwords do not match or if the password is cryptographically weak.
Username Entry DialogThe username entered in this dialog box will be added to all the entries in the username-less database that you just opened. Click Ok to add the username or Cancel to leave them as is.
You can also set this username to be the default username by clicking the check box. In this case, you will not see the username that you just added in the main dialog (though it is still part of the entries), and it will automatically be inserted in the Add dialog for new entries.
Set Default Username?This dialog lets you set the username that you just entered as the default username. The default username is not displayed in the main dialog and will be automatically inserted in the Add dialog box.
You can adjust the current default username setting in the Options dialog box.
Add a Username to All Entries?This dialog appears when you open a password database without any usernames in the entries.
Click Yes to get a dialog box that will allow you to enter a single username that will be added to all the entries. Click No to leave the database as it is.
About CounterpaneCompany Information
Counterpane Systems is a cryptography and computer security consulting firm. We are a virtual company based in Minneapolis, with three full-time employees and six part-time contractors. Counterpane provides expert consulting in the following areas:
Design and Analysis. This is the majority of Counterpane's work: making and breaking commercial cryptographic systems and system designs. We can analyze all aspects of a security system, from the threat model to the cryptographic algorithms, and from the protocols to the implementation and procedures. Our detailed reports provide clients with information on security problems as well as suggested fixes.
Counterpane Systems has worked in areas such as:
Implementation and Testing. Counterpane Systems also turns designs into commercial programs. We have implemented and tested many cryptographic systems, both from our own designs and from industry standards such as SET, S/MIME, and SSL. Counterpane also performs security testing and verification of software implementations and products.
Threat Modeling. Using attack tree analysis, Counterpane Systems provides a comprehensive threat analysis of systems and products. This kind of analysis can determine a system's vulnerability and the avenues of attack most likely to succeed. We can calculate the time, money, and resources necessary to attack a system, determine the security effects of different business decisions, and list the security assumptions a system is based on. Attack trees can compare attacks and countermeasures, and isolate areas where security can most profitably be improved--or most profitably be attacked.
Product Research and Forecasting. Counterpane Systems assesses potential product ideas, and gives opinions on their viability in the marketplace. We also maintain a large database of competitive information, and can provide information on existing security-related products. We publish occasional reports on different areas of commercial cryptography--electronic commerce, Internet security, public-key infrastructure, secure tokens--and make these reports available to clients.
Classes and Training. Counterpane Systems provides a wide variety of training services, from hour-long tutorials on the basics of computer security to week-long classes on the mathematics of cryptography or the philosophy of secure system design. Other classes include advanced protocol design and analysis, Internet security protocols, public-key infrastructure, and electronic commerce security. Classes can be tailored to suit individual needs.
Intellectual Property. Counterpane Systems has considerable experience writing patent disclosures for cryptographic inventions. We provide opinions on patentability and prior art, and can help clients find new ways to implement systems which avoid infringing on existing patents. We maintain a database of more than 1000 cryptography-related patents.
Export Consulting. Counterpane Systems can help clients go through the process of receiving Commodity Jurisdictions from the U.S. Department of State, and get their products approved for export from the U.S. Department of Commerce.
Theoretical and Applied Cryptographic Research. Counterpane Systems continually pursues cryptographic research. By publishing papers at international academic conferences, we maintain our state-of-the-art knowledge and experience in cryptography.
Clients. Counterpane Systems has provided consulting services for clients on five continents, including American Express, Canon, Citibank, Compaq, Dallas Semiconductor, Disney, Hughes Data Systems, Intel, Intuit, MCI, Merrill Lynch, Microsoft, Mitsubishi, National Semiconductor, Netscape, NSA, Oracle, Security Dynamics, Silicon Graphics, Stac Electronics, Veridicom, Visa, and Xerox. Contracts range from short-term expert opinions and design evaluations to multi-year design and development efforts.
COUNTERPANE SYSTEMS PERSONNEL
BRUCE SCHNEIER is president of Counterpane Systems. He is the author of Applied Cryptography (John Wiley & Sons, 1994 & 1996), the seminal work in its field. Now in its second edition, Applied Cryptography has sold over 80,000 copies world-wide and has been translated into four languages. His papers have appeared at international conferences, and he has written dozens of articles on cryptography for major magazines. He is a contributing editor to Dr. Dobb's Journal, where he edited the "Algorithms Alley" column, and has been a contributing editor to Computer and Communications Security Reviews. He designed the popular Blowfish encryption algorithm, still unbroken after years of cryptanalysis.
Schneier served on the Board of Directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the Board of Directors of the Voter's Telcom Watch. Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester. He is a frequent writer and lecturer on the topics of cryptography, computer security, and privacy.
JOHN KELSEY is an experienced cryptographer, cryptanalyst, and programmer who has designed several algorithms and protocols. He pioneered research on secure random number generators, differential related-key cryptanalysis on block ciphers, and the chosen-protocol attack against cryptographic protocols. His research has been presented at several international conferences, and he has broken many proposed commercial cryptographic algorithm, protocol, and system designs. He has a degree in economics and computer science from the University of Missouri in Columbia.
CHRIS HALL is experienced in mathematical cryptography (including elliptic curves), protocol design and analysis, and source-code security verification. He helped build various PGP products, including some cryptographic protocols and software in PGPfone. He discovered a major weaknesses in two different X Windows authentication schemes (the attacks and fixes weren't announced for six months so that major vendors could fix their software). Hall has a B.S. in Computer Science and Mathematics at the University of Colorado in Boulder.
DAVID WAGNER is a graduate student in cryptography at the University of California Berkeley. His cryptographic expertise includes both algorithms and protocols. He has publicly cryptanalyzed the Netscape random number generator, SSL 3.0, and the U.S. digital cellular encryption standard.
CONTACT INFORMATION
Counterpane Systems