The short answer to this question is: because it wouldn't make pwSafe safer.
That's actually an interesting question, because it contains a common misconception caused by misunderstanding of cryptography fundamentals by marketing-driven security products manufacturers. Let me explain:
- Provided you use a sufficient large key (128 bits is large enough) you can't break an encryption algorithm by brute-forcing it. Unless quantum computers become practical, there's not enough energy in the entire solar system to try all combinations.
- There is no such thing as 512-bit AES, which is advertised by some. AES comes in 3 flavors, 128, 192 and 256 bits. As strange as it may look, 128-bit AES is actually considered the safer choice, due to advances that have been found by scientists trying to break the other variations.
- After about the 128-bits threshold, adding bits to a cryptography algorithm doesn't necessarily make it safer. Take the AES example above: Bruce Schneier, a famous cryptography scientist, wrote: "And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future."
pwSafe uses Twofish encryption algorithm (256 bits key). Although AES-128 would be a better choice security-wise (it's a more thoroughly analyzed algorithm than Twofish), changing algorithms would break compatibility with Password Safe apps for the Mac, PC and Linux, which is a big advantage.
Comments
0 comments
Please sign in to leave a comment.