Re: pySafe - for personal information security
 

Dear Mr. Aguilar,

Thanks for working on this application! I am sure that I will be able to use it for many years much to my satisfaction. However, I am writing to ask a fundamental security question before I begin to use it.

The obvious security flaw in such an application is that the user trusts the author not to have backdoor transmissions or access to the unencrypted data. I am a little uncomfortable putting all my most secret passwords into such a utility knowing this.

Although I searched on your garage entry and in this thread, I have seen no reference to the original source code. If I could compile the program (or, if it's python, just run it) from the original source, then I would have an opportunity to ensure there are no such backdoor shenanigans.

Please do not take this note as a personal slight--it's just the nature of wanting to store so much security information in one spot. To me, the best feature of any such program is that the source is available. Could you share, or tell me how I might otherwise look through it? That is, after all, the whole point of *nix, yes?

Cheers,

Bryce

Re: pySafe - for personal information security
 

Hi Bryce!

First of all, you are absolutely right making questions about the software considering that it maintains confidential information.

The source code is available in the garage, but private. Sorry for my mistake! Already made it public.

PySafe is writen in python, so the source of the program can be viewed in N900 itself, but the code is precompiled to save disk space. But if you want, you can download the source and replace the files.

Cheers!

Re: pySafe - for personal information security
 

Outstanding! Thank you for sharing =).

Re: pySafe - for personal information security
 

I like Password Safe because the database (file) is directly compatible with passord applications in Linux and Windows. So it is easy to sync from master password list to other devices just by using a copy.

Does pySafe use some widely supported password db system, or does it have its own?

Re: pySafe - for personal information security
 

PySafe uses its own file. In the future there will be a GUI to other systems, since its a python program (multiplatform), although this was not the intention.

If Password Safe has an open database format, readable by Python, and it's compatible with the rules of PySafe, could be possible to change to it.

The rules are: no fixed groups, no fixed items, no fixed details, may have sub-groups, and items may be outside a group.

Re: pySafe - for personal information security
 

Are you sure? I thought Password Safe for maemo 5 used an older file format that was not compatible with current desktop versions.

Re: pySafe - for personal information security
 

The primary db is on my Linux host with MyPasswordSafe.
Once a week I rsync it to N900 to be used in (Maemo) PasswordSafe.

Also, what is important to me, I can use text only CLI with pwsafe through ssh, if I need to.

Do not remember, but I think I am using the v2 db-format.

Maemo Password Safe has an annoying bug though when it has been idle long enough.

Re: pySafe - for personal information security
 

Is there a way to synchronize passwordsafe files with some password-tool running on Ubuntu Linux?

Re: pySafe - for personal information security
 

Your question is about pySafe and you mistyped, or it's about PasswordSafe?

By the way, pySafe isn't yet run outside the N900. But the version that I'm working, in Qt, will run in any device/SO that runs Python with Qt.

Re: pySafe - for personal information security
 

Way to go. Thanks for that.