On Tue, 17 Jan 2012 08:00:07 -0500, Tanstaafl wrote: > > It comes to the same thing really. whether you store the passwords > > themselves or the methods and data used to generate them, both systems > > are as strong as the master password and useless if that is > > compromised. So stick with whatever suits your way of working. Choice > > is good :) > > This is actually not correct... > > Since PWM doesn't store the passwords, there is nothing to 'crack'... > there would never be any way for an attacker who got ahold of your RDF > file to run an attack program against it - how would the attack program > ever be able to determine 'success'?
I'm guessing to an extent here as I haven't yet tried PWM (no ebuild and I'd want a desktop client) but if the file can be read, you have the correct password, same as with KeePassX. It doesn't matter whether the file contains "4" or "2 2 +", once you can load it into PWM you can regenerate the passwords (the program would be somewhat useless otherwise). -- Neil Bothwick WinErr 008: Broken window - Watch out for glass fragments
signature.asc
Description: PGP signature
