Password Safe
The security of Twofish in a password database
Support
Password Safe is now an open source project. As of July 5, 2017, the latest Windows version is 3.43.0. A Linux version is currently in beta. To download the program, or for technical support, please visit its website.
A portable version (designed to run with no installation or registry changes) is available from PortableApps.com.
Various third-party ports, clones, and readers are also available. I haven't looked at any of these programs, and can't vouch for their compatibility or their security.
Many computer users today have to keep track of dozens of passwords: for network accounts, online services, premium web sites. Some write their passwords on a piece of paper, leaving their accounts vulnerable to thieves or in-house snoops. Others choose the same password for different applications, which makes life easy for intruders of all kinds.
With Password Safe, a free utility designed by Bruce Schneier, users can keep their passwords securely encrypted on their computers. A single Safe Combination--just one thing to remember--unlocks them all.
Password Safe protects passwords with the Twofish encryption algorithm, a fast, free alternative to DES. The program's security has been thoroughly verified by Counterpane Labs under the supervision of Bruce Schneier, author of Applied Cryptography and creator of the Twofish algorithm.
Password Safe features a simple, intuitive interface that lets users set up their password database in minutes. You can copy a password just by double-clicking, and paste it directly into your application. Best of all, Password Safe is completely free: no license requirements, shareware fees, or other strings attached.
See the Twofish page for more information on the Twofish algorithm, including links to other products that use Twofish.
PC World Review
PC World Blog Review
The Security Pub Review
Nomad Mobile Research Center Review of Password Safe 1.7
PC Magazine Editors' Choice
up to Academic
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.