On Saturday, January 5, 2013 2:22:07 AM UTC+1, jwd wrote: > Since it has not been mentioned in this *Java* Posse thread, i will add a > reference to my password keeper tool of choice > JCards<http://www.nsydenham.net/java/JCards/JCards.shtml> > > I've been maintaining my password records in a JCards file (in my personal > Git repository now) for years. Source code available for the paranoid; > uses Bouncy Castle libraries for encryption last time I checked. >
Unfortunately Bouncy Castle is needed on JRE, as Sun/Oracle is an american company with silly export limitations when it comes to strong crypto (funny enough, this is not needed on Android where you can readily get away with > AES-128). I am no security expert, but JCards seems to use Blowfish (typically considered an inferior algorithm to AES) with only 64bit block size and iteration count of only 16. It also doesn't look as if JCards seeds with new random data between successive encryptions. -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/s-KZTJFaptMJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
