I smell a ripe opportunity for a application showdown!

Hi, I got aware of the fact the editor chanced some key information in my original article. Normaly that’s fine, but this time there are things I would never write myself and I think it’s important to notify, you as readers of this.

The article states.
Pastor is built on RC-4 encryption; in fact you might already be using this standard elsewhere. If you happen to use WEP encryption over WiFi, or even SSL, you’ll be happy to know that the same technology is keeping your passwords safe.

I would never write this myself, cause the falls suggestion of safety WEP encryption isn’t save, as a lot of you know. Use WPA instead.

SSL isn’t synonym for RC4 actually SSL a transport layer. The encryption options are configured at the webserver side. The sever administrator determines which encryptions may be used and which not. More details on Wikipedia TLS

I am also not happy with the 1 Password quote the editor put in. I makes me look like I am a fan of 1 Password which I am not. I think OS X’s build in keychain is just a fine and elegant autofill tool and I favor it over 1 Password. Best of all if your run at least OS X 10.4 it’s already there

I’m not the developer in our group, but RC4 does have vulnerabilities. If used in very specific circumstances, it’s just fine. Outside of those boundaries though, it’s not effective.

If you like using an offline password manager, there are plenty out there that use stronger algorithms. For mac, KeepassX comes to mind. You’ll have to check the features to see if it compares to Pastor on the other features you like.

Of course, there are always online solutions using AES

Thanks for posting your link Wikipedia is a great For those interested: RC4 page in Wikipedia

I am not a cryptographer, but what I understand the main problem with RC4 occurs when you a party has access to a hug amount of encrypted data, like you have with Wireless WEP. Using RC4 in Pastor with only a small amount of data makes it less vulnerable than in the WEP implementation. So I think you password will not likely being easily hacked.

Nevertheless, this is good information to keep in mind when using Pastor. I certainly would welcome a new version of Pastor which uses a strong encryption protocol.

This from Wikipedia:

“While remarkable in its simplicity, RC4 falls short of the high standards of security set by cryptographers, and some ways of using RC4 can lead to very insecure cryptosystems (an example being WEP). It is not recommended for use in new systems. However, some systems based on RC4 are secure enough for practical use.”

For strong security usually AES or Blowfish or Serpent are recommended.

Thanks for taking the effort to write your comment. However stating that: “RC4 encryption is outdated, unsafe” Is a bold statement with out providing any backup. As this might confuse readers I need to ask you to backup your statement as soon as possible, e.g. with some links to articles discussing the safety of RC$

Your remark that there’s no search option was already discussed in the article.

Thanks and hope to hear from you soon

This cuts back drastically on the cross platform issues Mac users often encounter when using (someone else’s) PC.

Here’s a online/offline comparison on my company blog:
http://tinyurl.com/3ba3et