What Password Management Is, What Password Management Isn't
“Using the right encryption algorithm is not enough”, says Andrey Belenko, ElcomSoft Chief Security Researcher. “It only takes one weak link to ruin the entire security model. Some of the tools would have a better chance to pass our security test if they were about 10,000 to 20,000 times more secure in terms of password recovery speed. Some other tools are completely hopeless and should be avoided at all costs.”
Another researcher goes on to talk about how programming skills are simply not enough when building IT security tools.
“Our research proved once again that IT security requires more than just programming skills”, comments Dmitry Sklyarov, ElcomSoft IT Security Analyst. “With open-source strong-crypto libraries everyone and their dog can write a password keeper, claiming their product offering secure protection – which is not really the case. A good security model takes the whole system into account including the user himself – and not just the strength of the encryption algorithm alone.”