Security Considerations
Putting all of your passwords in one well-defined location is like putting
all of your eggs in one basket. The advantage is that it is easier to keep
track of your eggs. If someone breaks into your egg basket, the disadvantages
are obvious.
Many of the following security concerns are not unique to PSafe. Any
program that accepts passwords for authentication is subject to a number of
possible attacks.
File Storage
The first time you save a password, PSafe will create a hidden directory
named .psafe in your home directory. As a precaution, this
directory is created so that other users do not have permission to see
the contents. If your home directory is on AFS or some other shared
filesystem, you may have to take additional steps to ensure that others
do not have access. (They would still need to know your password to decrypt
the file, though.)
For example, in AFS, you can see the access settings using the following
command:
    fs listacl ~/.psafe
Network Transmission
If you are logging in over a network, be aware that everything you
see on the screen and everything you type (including your PSafe Master
Password) goes over the network too. Use a secure client, such as
ssh. The commonly used 'telnet' program does no encryption, so it is
inherently unsafe.
Memory
It is theoretically possible for a system administrator to examine
a memory image of PSafe while it is running in order to see your decrypted
passwords. Do not use PSafe if you distrust your system admins.
Program Hacks
Any user who can modify the PSafe program itself can change it to
tell them your password when you enter it. Make sure you trust
whoever has write access to the psafe program and to Python itself,
which is probably root.
Similarly, anybody who had access to PSafe on the site that you
installed it from could also have modified the application to send
them your passwords.
Path Attacks
If your PATH environment variable contains entries before the one
that points to psafe, anyone with write access to those directories
can create a program called 'psafe' there and it will override the one
you thought you were using. In general, don't add directories to your
path if you don't trust the owner of the directory.
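A check for the situation described above, added here as an example (it is
not part of PSafe). It lists every PATH entry that is searched before the
directory holding psafe and that someone else could write to. The function
names, the trusted-uid default (root and yourself) and the sample
directories built in demo() are assumptions made for the example.

```python
import os
import stat
import tempfile

def entries_before(program, path):
    """Return (entries searched before `program` is found, directory it was found in)."""
    before = []
    for entry in path.split(os.pathsep):
        directory = entry or "."  # an empty PATH entry means the current directory
        candidate = os.path.join(directory, program)
        if os.path.isfile(candidate) and os.stat(candidate).st_mode & 0o111:
            return before, directory
        before.append(directory)
    return before, None

def why_risky(directory, trusted_uids):
    """Say why someone else could plant a program in `directory`, or return None."""
    if not os.path.isabs(directory):
        return "relative entry"
    try:
        st = os.stat(directory)
    except OSError:
        return "cannot be inspected"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or other"
    if st.st_uid not in trusted_uids:
        return "owned by untrusted uid %d" % st.st_uid
    return None

def audit(program="psafe", path=None, trusted_uids=None):
    """Return (directory holding `program`, [(earlier entry, reason), ...])."""
    path = os.environ.get("PATH", "") if path is None else path
    trusted = {0, os.getuid()} if trusted_uids is None else trusted_uids
    before, found_in = entries_before(program, path)
    reasons = [(d, why_risky(d, trusted)) for d in before]
    return found_in, [(d, why) for d, why in reasons if why]

def demo():
    """Constructed sample: a world-writable and an empty entry ahead of psafe."""
    root = os.path.realpath(tempfile.mkdtemp())
    shared, safe = os.path.join(root, "shared"), os.path.join(root, "bin")
    for directory, mode in ((shared, 0o777), (safe, 0o755)):
        os.mkdir(directory)
        os.chmod(directory, mode)  # explicit chmod, since mkdir modes obey umask
    tool = os.path.join(safe, "psafe")
    open(tool, "w").close()
    os.chmod(tool, 0o755)
    found_in, risky = audit("psafe", os.pathsep.join([shared, "", safe]))
    return os.path.basename(found_in), [(os.path.basename(d), w) for d, w in risky]

if __name__ == "__main__":
    print(demo())
```

Calling audit() with no arguments checks your real PATH; an empty second
value in the result means nothing ahead of psafe was flagged.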
Screen Memory
When you view passwords using PSafe, it shows them right on the screen.
Maybe somebody will eventually add a paste option that merely inserts
the password into the clipboard, but even then it stays in clipboard
memory unless you are careful to clear it out before you walk away
from the workstation.
Choice of Password
PSafe does not force you to use a good, hard-to-guess password. In
fact, you can use no password at all, in which case it stores
everything in plain text, making you totally reliant on the security
of the filesystem.
Implementation Details
PSafe uses a flexible file storage format that can be easily extended to
support other encryption algorithms. It also supports any number of
additional fields per password entry.
If you export your file without choosing an export password, you can
see the format. In fact, you can edit this plain text file and import
it back into an encrypted PSafe file. If you add additional fields to
an entry (say password_hint), this information is also displayed when
you view the entry.
Currently, just two encryption modes are supported: plain text (no password),
and the Blowfish algorithm, using Cipher Feedback.