pws_ce_help.html

Password Safe Password Safe is a password database utility. Users can keep their passwords securely

	<P><I>Double-click shows password</I></P>
	<P>This option controls what happens when an item in the password list is double-clicked. If checked then a dialog will be displayed showing the password for the item. If unchecked the password will copied to the clipboard.</P>

<!-- PegHelp -->

    <a name="securitytab"></a><P><B>Security Tab</B></P>

    <P><I>Clear the clipboard when minimized</I></P>
    <P>If you check this option, the clipboard will be cleared when you minimize Password Safe.</P>

    <P><I>Lock password database on minimize and prompt on restore</I></P>
    <P>If you check this option, sensitive information such as your safe combination and the names of the items will be cleared from memory when Password Safe is minimized. When Password Safe is restored, you will be prompted for the Safe Combination.</P>

    <P><I>Confirm password database save on minimize</I></P>
    <P>If you check this option, Password Safe will remind you when it automatically saves the password database on minimize. Unchecked, the password database will be automatically saved.</P>

    <P><I>Confirm item copy to clipboard</I></P>
    <P>If you check this option, Password Safe will notify you when a password is copied to the clipboard. Once you've gotten used to how Password Safe works, you will probably want to uncheck this option.</P>

<!-- PegHelp -->

    <a name="pwdpolicytab"></a><P><B>Password Policy Tab</B></P>

    <P><I>Default password length</I></P>
    <P>This option sets the number of characters that will be generated when a random password is generated in the Add or Edit entry dialogs.</P>

    <P><I>Use lowercase letters</I></P>
    <P>If this option is checked, lower case letters will be used in the generated password.</P>

    <P><I>Use uppercase letters</I></P>
    <P>If this option is checked, upper case letters will be used in the generated password.</P>

    <P><I>Use digits</I></P>
    <P>If this option is checked, digit characters will be used in the generated password.</P>

    <P><I>Use symbols</I></P>
    <P>If this option is checked, certain symbol characters, such as &amp;, %, $ and so forth, will be used in the generated password.</P>

    <P><I>Use only easy-to-read characters</I></P>
    <P>If this option is checked then certain characters such as O (oh) and 0 (zero) will be omitted from the generated password.</P>

<!-- PegHelp -->

    <a name="usernametab"></a><P><B>Username Tab</B></P>

    <P><i>Use default username</I></P>
    <P>If this option is checked, the username entered in the field below will not be displayed in the main list box, and will automatically be inserted into the username field in the Add dialog box.</P>

    <P><I>Query user to set default username</I></P>
    <P>If this option is checked, whenever you enter a username for a new item and there is no default username, you will be prompted to set it as the default username if desired. See above for  more information about default usernames. </P>

<!-- PegHelp -->

    <a name="misctab"></a><P><B>Misc Tab</B></P>

    <P><I>Confirm deletion of items</I></P>
    <P>When this option is checked, Password Safe will confirm that you want to remove the selected item when you issue the Delete command.</P>

    <P><I>Save database immediately after Edit or Add</I></P>
    <P>If this option is checked, Password Safe will automatically save the password database whenever an entry is added or changed.</P>

<!-- PegHelp -->

    <a name="adddata"></a><b>Add Data</b>
    <P>In this window, you can add a new entry to the current database. Enter the name of the service this password is for in the box marked "Title" and your username on this service (if any) in the box marked "Username."  If you have entered a default username, it username will be automatically entered in this field.  Then enter the password itself in the box marked "Password." You can use the "Notes" field for any other information you need to remember about this item -- such as a URL or phone number.</P>
    <P>You can leave the username and notes fields blank, but you must enter data in the title and password fields.</P>
    <P>Note that the entry for this item in the list in the main dialog with be the service name and user name separated by a dash.</P>

<!-- PegHelp -->

    <a name="editview"></a><b>Edit/View Data</b>
    <P>In this window, you can change the information you've stored for an entry.  By default, the password will be replaced with a line of asterisks.  To view your existing password, hit "Show Password."</P>
    <P>If you make a mistake and want to leave this window without saving your changes, hit "Cancel."  To save changes, click the "OK" button.</P>

<!-- PegHelp -->

    <a name="copyclip"></a><b>Copy Password to Clipboard</b>
    <P>This dialog lets you know that the password you've selected has been copied to the clipboard. You can now paste it directly into the application, dialog, or Web form that needs a password.</P>
    <P>If you're pasting the password into a dialog, you probably won't have a Paste command available, but you can still paste using the keyboard shortcuts control-V or shift-insert.</P>

<!-- PegHelp -->

    <a name="changecombo"></a><b>Safe Combination Change</b>
    <P>Use this window to change your Safe Combination for the current database. You will need to enter the old Safe Combination, then enter the new combination twice. The combinations will be masked by asterisks. The combinations are case sensitive; the safe combination &quote;hello&quote; is different from &quote;HELLO&quote;.</P>

<!-- PegHelp -->

    <a name="comboentry"></a><b>Safe Combination Entry</b>
    <P>This window appears when you start up Password Safe and whenever you open a different database or restore a backup.  Enter your safe combination and click OK. Safe combinations are case sensitive; &quot;hello&quot; is different from &quot;HELLO&quot;.</P>
    <P>If you enter the safe combination incorrectly three times, the <a href="pws_ce_help.html#comboerror">Safe Combination Entry Error</a> window will appear. This window lets you try to open another database or start a new one.</P>

<!-- PegHelp -->

    <a name="comboerror"></a><b>Safe Combination Entry Error</b>
    <P>This window appears if the Safe Combination has been entered incorrectly three times.  If you just mistyped your safe combination, you can choose to try again. You can also choose to browse for another database to open or to create another, completely new, database.</P>
    <P>If you've forgotten your safe combination, just leave that database for now.  You'll be able to reopen this database later if you remember your combination.  Unfortunately, nothing can be done if you forget your password entirely.  The security of this system rests on the fact that the database cannot be recovered without the password.</P>

<!-- PegHelp -->

    <a name="confirmdel"></a><b>Delete Confirmation Dialog</b>
    <P>Click yes to delete the selected entry.  Click no if you don't want to delete it.</P>

<!-- PegHelp -->

    <a name="newdatabase"></a><b>Safe Combination Entry</b>
    <P>This window appears when you create a new database, either from the initial dialog when you start Password Safe, or when you select <a href="">New...</a> from the file menu</P>
    <P>Enter the combination for the new database and in the confirmation box.  You will be warned if the two passwords do not match or if the password is cryptographically weak.</P>

<!-- PegHelp -->

    <a name="usernamentry"></a><b>Username Entry Dialog</b>
    <P>The username entered in this dialog box will be added to all the entries in the username-less database that you just opened. Click Ok to add the username or Cancel to leave them as is.</P>
    <P>You can also set this username to be the default username by clicking the check box.  In this case, you will not see the username that you just added in the main dialog (though it is still part of the entries), and it will automatically be inserted in the Add dialog for new entries.</P>

<!-- PegHelp -->

    <a name="defaultusername"><b>Set Default Username?</b>
    <P>This dialog lets you set the username that you just entered as the default username.  The default username is not displayed in the main dialog and will be automatically inserted in the Add dialog box.</P>
    <P>You can adjust the current default username setting in the <A HREF="pws_ce_help.html#options">Options </A> dialog box.</P>

<!-- PegHelp -->

    <b>Add a Username to All Entries?</b>
    <P>This dialog appears when you open a password database without any usernames in the entries.</P>
    <P>Click Yes to get a dialog box that will allow you to enter a single username that will be added to all the entries.  Click No to leave the database as it is.</P>

<!-- PegHelp -->

    <A NAME="counterpane"></A><b>About Counterpane</b>
    <P><a href="http://www.counterpane.com">http://www.counterpane.com</a></P>
    <P><B>Company Information</B></P>
    <P><I>Counterpane Systems</I> is a cryptography and computer security consulting firm. We are a virtual company based in Minneapolis, with three full-time employees and six part-time contractors. Counterpane provides expert consulting in the following areas:</P>
    <P>Design and Analysis. This is the majority of Counterpane's work: making and breaking commercial cryptographic systems and system designs. We can analyze all aspects of a security system, from the threat model to the cryptographic algorithms, and from the protocols to the implementation and procedures. Our detailed reports provide clients with information on security problems as well as suggested fixes.</P>
    <P>Counterpane Systems has worked in areas such as:</P>
    <sl>
    <li>Hard disk and file encryption</li>
    <li>E-mail encryption and authentication</li>
    <li>Emergency password and data recovery</li>
    <li>Software and information piracy prevention</li>
    <li>Virtual private networks</li>
    <li>Certificate Authority systems</li>
    <li>Digital timestamping</li>
    <li>Digital telecommunications security</li>
    <li>Biometric security applications</li>
    <li>Java security</li>
    <li>Electronic commerce systems</li>
    <li>Stored-value card security</li>
    <li>Secure audit logs</li>
    </sl>
    <P><B>Implementation and Testing</B>. Counterpane Systems also turns designs into commercial programs. We have implemented and tested many cryptographic systems, both from our own designs and from industry standards such as SET, S/MIME, and SSL. Counterpane also performs security testing and verification of software implementations and products.</P>
    <P><B>Threat Modeling</B>. Using attack tree analysis, Counterpane Systems provides a comprehensive threat analysis of systems and products. This kind of analysis can determine a system's vulnerability and the avenues of attack most likely to succeed. We can calculate the time, money, and resources necessary to attack a system, determine the security effects of different business decisions, and list the security assumptions a system is based on. Attack trees can compare attacks and countermeasures, and isolate areas where security can most profitably be improved--or most profitably be attacked.</P>
    <P><B>Product Research and Forecasting</B>. Counterpane Systems assesses potential product ideas, and gives opinions on their viability in the marketplace. We also maintain a large database of competitive information, and can provide information on existing security-related products. We publish occasional reports on different areas of commercial cryptography--electronic commerce, Internet security, public-key infrastructure, secure tokens--and make these reports available to clients.</P>
    <P><B>Classes and Training</B>. Counterpane Systems provides a wide variety of training services, from hour-long tutorials on the basics of computer security to week-long classes on the mathematics of cryptography or the philosophy of secure system design. Other classes include advanced protocol design and analysis, Internet security protocols, public-key infrastructure, and electronic commerce security. Classes can be tailored to suit individual needs.</P>
    <P><B>Intellectual Property</B>. Counterpane Systems has considerable experience writing patent disclosures for cryptographic inventions. We provide opinions on patentability and prior art, and can help clients find new ways to implement systems which avoid infringing on existing patents. We maintain a database of more than 1000 cryptography-related patents.</P>
    <P><B>Export Consulting</B>. Counterpane Systems can help clients go through the process of receiving Commodity Jurisdictions from the U.S. Department of State, and get their products approved for export from the U.S. Department of Commerce.</P>
    <P><B>Theoretical and Applied Cryptographic Research</B>. Counterpane Systems continually pursues cryptographic research. By publishing papers at international academic conferences, we maintain our state-of-the-art knowledge and experience in cryptography.</P>
    <P><B>Clients</B>. Counterpane Systems has provided consulting services for clients on five continents, including American Express, Canon, Citibank, Compaq, Dallas Semiconductor, Disney, Hughes Data Systems, Intel, Intuit, MCI, Merrill Lynch, Microsoft, Mitsubishi, National Semiconductor, Netscape, NSA, Oracle, Security Dynamics, Silicon Graphics, Stac Electronics, Veridicom, Visa, and Xerox. Contracts range from short-term expert opinions and design evaluations to multi-year design and development efforts.</P>
    <P><B>COUNTERPANE SYSTEMS PERSONNEL</B></P>
    <P><B>BRUCE SCHNEIER</B> is president of Counterpane Systems. He is the author of Applied Cryptography (John Wiley &amp; Sons, 1994 &amp; 1996), the seminal work in its field. Now in its second edition, Applied Cryptography has sold over 80,000 copies world-wide and has been translated into four languages. His papers have appeared at international conferences, and he has written dozens of articles on cryptography for major magazines. He is a contributing editor to Dr. Dobb's Journal, where he edited the "Algorithms Alley" column, and has been a contributing editor to Computer and Communications Security Reviews. He designed the popular Blowfish encryption algorithm, still unbroken after years of cryptanalysis.</P>
    <P>Schneier served on the Board of Directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the Board of Directors of the Voter's Telcom Watch. Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester. He is a frequent writer and lecturer on the topics of cryptography, computer security, and privacy.</P>
    <P><B>JOHN KELSEY</B> is an experienced cryptographer, cryptanalyst, and programmer who has designed several algorithms and protocols. He pioneered research on secure random number generators, differential related-key cryptanalysis on block ciphers, and the chosen-protocol attack against cryptographic protocols. His research has been presented at several international conferences, and he has broken many proposed commercial cryptographic algorithm, protocol, and system designs. He has a degree in economics and computer science from the University of Missouri in Columbia.</P>
    <P><B>CHRIS HALL</B> is experienced in mathematical cryptography (including elliptic curves), protocol design and analysis, and source-code security verification. He helped build various PGP products, including some cryptographic protocols and software in PGPfone. He discovered a major weaknesses in two different X Windows authentication schemes (the attacks and fixes weren't announced for six months so that major vendors could fix their software). Hall has a B.S. in Computer Science and Mathematics at the University of Colorado in Boulder.</P>
    <P><B>DAVID WAGNER</B> is a graduate student in cryptography at the University of California Berkeley. His cryptographic expertise includes both algorithms and protocols. He has publicly cryptanalyzed the Netscape random number generator, SSL 3.0, and the U.S. digital cellular encryption standard.</P>
    <P><B>CONTACT INFORMATION</B></P><p></p>
    Counterpane Systems<br>
    101 E Minnehaha Parkway<br>
    Minneapolis, MN 55419<br>
    phone: (612) 823-1098 or (708) 524-9461<br>
    fax: (612) 823-1590<br>
    email: info@counterpane.com<br>
    web: <a href="http://www.counterpane.com">http://www.counterpane.com</a><br>

<!-- PegHelp -->

  </BODY>
</HTML>