Encrypted Lockbox Aims to Clean Up Password Clutter

In the midst of a debate over the most practical and secure way to store and remember passwords, along comes word of renewed open-source development of Bruce Schneier's PasswordSafe lockbox.

Bruce Schneiers PasswordSafe lockbox, which provides a free utility for users to encrypt and manage multiple passwords on a computer, is ready for a new phase of open-source development.

The celebrated cryptographer, who is credited with designing or co-designing several widely used encryption algorithms, announced the release of Version 2.1 of the database utility as a full-fledged open-source project at SourceForge.

In a blog entry, Schneier said the project is now being managed by Rony Shapiro, a British programmer specializing in network security.

Schneier, who is founder and chief technology officer of Counterpane Internet Security Inc., said the tool is perfect for Web users who struggle to remember all their usernames and passwords.

"I have long advocated writing them all down on a piece of paper and putting it in your wallet, [but] I designed PasswordSafe as another solution," he explained.

He said the tool offers "security through simplicity" by encrypting all of a users passwords using a single passphrase.

/zimages/3/28571.gifClick here to read more insight from columnist Larry Seltzer about biometrics and password management.

"The program is easy to use, and isnt bogged down by lots of unnecessary features," Schneier said.

In an e-mail interview with Ziff Davis Internet News, PasswordSafe administrator Shapiro said the new version has been fitted with several new features and bug fixes, adding that work has started to port Password Safe 2.x to the Pocket PC platform.

"I took over the project because I wanted to make changes to PasswordSafe for my own use, basically to introduce the [new] tree view and to allow users to organize entries by categories," Shapiro said of his interest in the project.

"I was curious about the open-source development process, and wanted to see how it actually worked. My expectations for both these goals have been more that met," he added.

Shapiro said he is actively trying to recruit a programmer to maintain the Pocket PC version, which has languished for a while.

"More than one programmer has offered to revive the work on the PPC version, but Ive yet to see any tangible results," he said.

Next Page: Interest in a lockbox-type utility.