Encryption algorithms

Safety has always been one of the most basic considerations when designing software. All other requirements were assessed according to how safe they were. Parallel to the development phase, the theoretical concepts of external security companies were examined in terms of feasibility, as well as compliance with IT security standards. Prototypes have been ultimately developed on the basis of these findings, which form the blueprint for the current Password Safe version 8. The following encryption techniques and algorithms are currently in use:

  • AES 256
  • PBKDF2 with 100,000 iterations for the formation of user hashes
  • PBKDF2 with 1000 iterations for the hashes of the passwords within the database
  • RSA 4096 for private and public key methods

Applied cryptographic procedures

The container encryption of the passwords is based on the aforementioned algorithms. Each container has its own randomly generated salt. Each password, user, and role has its own key pair. When releases are granted for users and roles, the passwords within the database are hierarchically encrypted. Password Safe also uses the following cryptographic methods to achieve maximum security:

  • To integrate an AD, you can choose between an end-to-end encryption (E2EE – the safest mode) and the Master Key
  • The server key is protected using the hardware security module (HSM) via PKCS#11
  • Brute force protection for logging in by means of automatic blocking of the requesting client
  • Certificate protection when using applications
  • Certificate request for client/server connection You may use your own certificate authority (CA) as an option.
  • Latest version of the Secure Sockets Layer (SSL)
  • Passwords are only encrypted and transported to the client when they have been explicitly requested in advance. More…

Security hardware components we have tested:


  • SafeNet Luna SA – HSM with network connection
  • SafeNet Luna PCI-E – Embedded-HSM

Two-factor authentication:

  • SafeNet eToken Pass
  • RSA SecureID 700
  • Google authenticator

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.