Safebox

Countermail's Safebox is a password manager, a secure place where you can store all your usernames and passwords. All data in the Safebox is protected with one master password. The Safebox does not use any public/private keys, it's using pure OpenPGP symmetrical encryption. This means that the Safebox encryption is separated from your account keys and password, so you can use a different password for the Safebox. As usual, all encryption/decryption is done on your local computer, inside the Java-applet in your web browser. No Safebox-data will leave your computer in unencrypted form.

Warning! If you forget your password your data will be inaccessible! We do not have any "Forgot password" function, since such functions may weaken the "chain" of security.

Help

Go to your Safebox by clicking on the Safebox-folder in the left menu:


When your Safebox is empty, you must first select a Safebox password:

The next time you login to your Safebox, you will be asked to enter the Safebox password:

Functionality inside the Safebox:
  1. Listbox with all your stored pages, sorted alphabetically using the Short Description.
    Click on a line to View / Change / Delete a page
  2. Short description, enter a title for the page
  3. URL/Address, enter the URL to the page
  4. Username, the login name on that page
  5. Password, you can use all types of characters here, internally it's converted to Base64 to allow all characters for all languages
  6. Notes, you can enter any additional info here
  7. Visit URL, click here to open a new window that will redirect you to the page
  8. Show Pass / Hide Pass, click here to show the password
  9. Add page / Save page, click Add Page to add a new page, when this button says "Save page" it will update the currently selected record
  10. Delete page, delete the currently selected record and all info that belongs to this page
  11. Clear fields, empty all fields so you can to add new pages, the button on #9 will change to "Add page" after clicking "Clear fields"
  12. Automatic logout, after you logged in the password will be cached for a while, it will be automatically logged out if it's been idle for this amount of minutes
  13. Change password, click to change the Safebox master password
  14. Close Safebox, but don't clear the password cache
  15. Logout, close Safebox and clear the password cache

Security

The Safebox master password is converted to a AES-256 key using OpenPGP's Iterated and Salted S2K, the iteration code is set to 192, which equals to approx. 4 MB of data to hash (password+salt iterated through SHA-1). This makes the password very slow to bruteforce.

An Intel Core-i7 CPU @ 3.2 GHZ can test approx 30 passwords per CPU-core, per second.
Example, if you have a 10-letter password using a charset of 62 (a-z, A-Z, 0-9), it will take more than 400 years to bruteforce, using a super-computer with one million i7 CPU-cores:
62^10 / (30000000*3600*24*365) = 887 years (whole keyspace), and 443.5 years for half the keyspace.

Read more about OpenPGP S2K here:
https://tools.ietf.org/html/rfc4880#section-3.7.1.3

Read more about OpenPGP symmetrical encryption here:
https://tools.ietf.org/html/rfc4880#section-5.7

Last update

Jun 24, 2022 (ChangeLog)

News

2022-06-23

Changed request limiter of Secure Forms

2021-10-27

Info about the attack.

2021-06-22

Improved the HTML email sanitizer. Read more

2021-04-28

Updated one FAQ about email decryption

2021-04-12

Updated one FAQ about session problems

2021-03-04

Improved the Secure Forms,Read more

2021-02-14

Increased security for fake domain/links and some other things.

2021-02-08

Updated our Secure Forms feature. Read more

2020-12-02

Updated our XMPP chat server, and some other things.

2020-11-23

Added a domain spell check

2020-11-01

Registration is open, with invite code requirement

2020-10-28

Changed our Terms of Use

2019-04-26

Changed Trial accounts restrictions, read more.

2010-05-24

Opened up for all !

2009-11-21

Open website for Beta-testers