NOTE: This question is a subpart of the original question on aWallet Password Manager posted on Cryptography.StackExchange. As suggested by I'm posting it here since the topic of the question is better suited for InformationSecurity.StackExchange.

After reading a lot of articles on ramping up the security of my web accounts, I started using aWallet Password Manager for Android to back up my passwords.

1. I'm able to have fairly good-entropy passwords: I'm able to throw in a mixup of lowercase & UPPERCASE alphabets, digits, special characters (including spaces) and have reasonably long passwords (10+ characters).
2. Saving my passwords securely allows me to have distinct passwords for each web account which would otherwise be impossible. This would avert a cascading effect (giving away credentials of all accounts) that would be created if one of my accounts, whose login credentials I share with several accounts, gets compromised.

Needless to say, that 2nd point is debatable because having all credentials stored at a single place introduces a single-point of failure and poses an equal risk of the chain-reaction mentioned earlier.

Given my limited knowledge of cryptography and doubts around privacy (given recent incidents of online thefts), I want to testify the security of aWallet Password Manager before storing my Banking / Card details in it. Here's what they claim on their Google PlayStore page:

- All data is encrypted, including Entry names, Category definitions.
- Encrypts data using AES and Blowfish algorithms with key sizes of 256, 192 and 128 bits.
- When the data file is decrypted, up to all combinations of algorithm, key size and cipher mode of operation (CBC, CFB, OFB and ECB) are tried with the Master password to unlock the data file. The app itself does not store any hint to the actual cipher, key size or cipher mode of operation.
- Uses a randomly generated 'salt' combined with the Master password. Salt helps to protect from off-line dictionary attacks.
- The key to open the data file is created by combining your master password with the 512-bit 'salt'. The result is hashed 1000 times by SHA-256. Repetitive hashing makes a brute force attack more difficult.

While none of these points make a lot of sense to me, the little bit that I know about Cryptography tells me that repeating an encryption technique multiple times doesn't Mathematically improve the security; it may only give one a false impression of added security. And because of this inconsistency, I started doubting the validity of their other claims.

- Is there a tool / technique that I could use to attempt to decrypt the data.crypt file used by aWallet app so as to test its security?
- aWallet doesn't offer any cloud storage of their own and allows us to (optionally) backup the data.crypt file onto Google Drive or Dropbox. How safe would that be given that I use 2-Factor-Authentication for my Google account?
- In general, is it safe to store login credentials or banking details or both in a password manager?
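
The key derivation quoted from the store listing (master password combined with a 512-bit salt, hashed 1000 times with SHA-256) can be sketched to see what each part contributes. This is an added example, not code from the original question and not aWallet's implementation; the concatenation order, the re-hashing of the raw digest, and the names `listed_kdf`, `seconds_per_guess` and `work_factor_report` are assumptions made for illustration.

```python
import hashlib
import os
import time

SALT_BYTES = 64        # 512-bit salt, as quoted in the listing
LISTED_ROUNDS = 1000   # "hashed 1000 times by SHA-256"


def listed_kdf(password: str, salt: bytes, rounds: int = LISTED_ROUNDS) -> bytes:
    """Iterated SHA-256 over password || salt, returning a 32-byte key.

    ASSUMPTION: the listing does not say how password and salt are combined
    or what is fed into each later round; this sketch concatenates them and
    re-hashes the raw digest.
    """
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def seconds_per_guess(rounds: int, trials: int = 20) -> float:
    """Average wall-clock cost of deriving one candidate key."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for i in range(trials):
        listed_kdf(f"candidate-{i}", salt, rounds)
    return (time.perf_counter() - start) / trials


def work_factor_report(round_counts=(1, LISTED_ROUNDS, 100_000)) -> dict:
    """Map each round count to derivations per second on one core here."""
    return {r: 1.0 / seconds_per_guess(r) for r in round_counts}


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    salt_a, salt_b = os.urandom(SALT_BYTES), os.urandom(SALT_BYTES)
    # The salt makes the same password produce unrelated keys per file,
    # so a table precomputed for one salt is useless against another.
    print("salt A:", listed_kdf(pw, salt_a).hex()[:16])
    print("salt B:", listed_kdf(pw, salt_b).hex()[:16])
    # The round count only scales the cost of each guess linearly.
    for rounds, rate in work_factor_report().items():
        print(f"{rounds:>7} rounds: ~{rate:,.0f} derivations/s per core")
```

The rates printed are for interpreted Python on one core; they show the linear scaling of the round count, not the speed of dedicated hashing hardware.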