SecurityFocus readers: There's been a number of threads on this list in the past regarding password management and secure storage of usernames/passwords. A long time ago I did a thorough search on the Internet to find a suitable program to meet my own storage requirements. I ran into and evaluated many of the password programs mentioned on this list including Counterpane's Password Safe, Password Vault, and Password Corrale among others.
One day I ran into a GPL freeware title called PINs. At the time it was in its 2.0 release. The author, Mirek Wojtowicz, recently released version 4.0.0.62. By far, PINs has been the best password management system I've seen to date. And you certainly can't beat the price! The current download can be found at http://www.mirekw.com/winfreeware/index.html The .ZIP download is only 458KB, so it's nice and portable. Also, it currently supports 16 languages by last count (it goes up with almost every release), something most of the other programs have never offered. It encrypts the passwords using Schneier's 448-bit Blowfish algorithm, and it has a pretty nice random password generator built-in. It also has a secure file erasure feature built in. Since I know the depth of the recent thread on this, I should point out that it supports a couple DoD methods and Guttmann-35. There are lots of other nice features, and the source code is available for those of you who like to audit everything yourself. If you find any flaw or have any suggestion, Mirek would be more than happy to hear your input. I'm NOT getting anything for this plug. Normally, I would never find myself posting something like this, but I truly think it's a great program that simply doesn't have the exposure it deserves. In fact, I'd really like to see it among the SecurityFocus Top 6 Tools some day. I'm fairly confident that if you try the program out yourselves, you'll find it to be a very solid tool to add to your security arsenal. Regards, Daymon McCartney Note: Mirek mirror's his site at http://www.mirwoj.opus.chelm.pl if the abovementioned URL is not available.
