Safebox
|
Countermail's Safebox is a password manager, a secure place where you can store all your usernames and passwords. All data in the Safebox is protected with one master password. The Safebox does not use any public/private keys, it's using pure OpenPGP symmetrical encryption. This means that the Safebox encryption is separated from your account keys and password, so you can use a different password for the Safebox. As usual, all encryption/decryption is done on your local computer, inside the Java-applet in your web browser. No Safebox-data will leave your computer in unencrypted form.
Warning! If you forget your password your data will be inaccessible! We do not have any "Forgot password" function, since such functions may weaken the "chain" of security.
Help
Go to your Safebox by clicking on the Safebox-folder in the left menu:
When your Safebox is empty, you must first select a Safebox password:
The next time you login to your Safebox, you will be asked to enter the Safebox password:
Functionality inside the Safebox:
- Listbox with all your stored pages, sorted alphabetically using the Short Description.
Click on a line to View / Change / Delete a page
- Short description, enter a title for the page
- URL/Address, enter the URL to the page
- Username, the login name on that page
- Password, you can use all types of characters here, internally it's converted to Base64 to allow all characters for all languages
- Notes, you can enter any additional info here
- Visit URL, click here to open a new window that will redirect you to the page
- Show Pass / Hide Pass, click here to show the password
- Add page / Save page, click Add Page to add a new page, when this button says "Save page" it will update the currently selected record
- Delete page, delete the currently selected record and all info that belongs to this page
- Clear fields, empty all fields so you can to add new pages, the button on #9 will change to "Add page" after clicking "Clear fields"
- Automatic logout, after you logged in the password will be cached for a while, it will be automatically logged out if it's been idle for this amount of minutes
- Change password, click to change the Safebox master password
- Close Safebox, but don't clear the password cache
- Logout, close Safebox and clear the password cache
Security
The Safebox master password is converted to a AES-256 key using OpenPGP's Iterated and Salted S2K, the iteration code is set to 192, which equals to approx. 4 MB of data to hash (password+salt iterated through SHA-1). This makes the password very slow to bruteforce.
An Intel Core-i7 CPU @ 3.2 GHZ can test approx 30 passwords per CPU-core, per second.
Example, if you have a 10-letter password using a charset of 62 (a-z, A-Z, 0-9), it will take more than 400 years to bruteforce, using a super-computer with one million i7 CPU-cores:
62^10 / (30000000*3600*24*365) = 887 years (whole keyspace), and 443.5 years for half the keyspace.
Read more about OpenPGP S2K here:
https://tools.ietf.org/html/rfc4880#section-3.7.1.3
Read more about OpenPGP symmetrical encryption here:
https://tools.ietf.org/html/rfc4880#section-5.7
|
|
| | Last updateApr 4, 2020
News
2020-04-04
Some general info
2020-02-28
Information about another provider
2020-02-22
New TLS Certificate, and some other news
2020-02-15
New info about session problems.
2020-01-27
Some changes.
2020-01-07
Updated card payments.
2019-11-03
Updated our Terms of Use.
2019-04-26
Changed Trial accounts restrictions, read more.
2019-01-23
New certificate.
2018-09-25
Better prices!
2017-09-05
New payment URL
2017-08-30
New registration page
2017-08-02
New webmail version
2017-05-22
Updated FireFoxPortable for Windows
2017-04-14
Windows users, be aware.
2017-02-19
Added new credit card payment (Stripe)
2017-02-10
Changed login page to detect Java problems
2015-08-06
Security upgrade on servers. 15 minutes downtime.
2015-03-02
Added VCARD-Export and VCARD-Import for Contacts
2015-02-08
Added PGP-packet analyzer on our Tools-page
2015-01-08
New SSL/TLS certificate, fingerprints.
2014-12-01
More storage space for members with 12 or 24 months subscriptions.
Read more
2014-11-28
Updated our Tools-page.
Read more
2014-11-24
We are working to open up the webmail for our Two Factor Auth-mobile app. We will send an email to our users when it's ready
2014-09-17
Improved spam blocking
2014-02-17
Added FAQ: How do I create good passwords?
2014-01-30
Changed spam flag to minimize false Spam classifications. Read more
2014-01-27
Updated CounterMailPortable. Read more
2013-12-27
Bugfixes and Updated Offline Login and more. Read more
2013-12-19
Updated our Tools page. Read more
2013-12-02
Added Quota warnings. Read more
2013-10-22
Changed new public keysize to 4096 bits.
2013-07-23
New USB routine. Read more
2013-05-01
Changed Trial account period to 7 days
2013-03-24
Opened up our XMPP chat server.
2013-03-17
Added new Support-system and a new FAQ
2013-02-01
Updated Java info page
2013-01-12
Added MacOS support for our USB-key
2012-12-20
Added Countermail Portable for Windows
2012-12-09
Added Safebox feature
2012-08-28
Scheduled Maintenance - August 30, 13:00 GMT. Servers will be down for approx. 2-3 hours.
2012-05-31
Added subfolder creation.
2012-03-22
Applet and Certificate update
2012-03-10
Added Wire transfer payment
2012-01-01
Third party IMAP-clients need to clean their cache. Read here.
2011-10-25
Added Domain Panel for all domain administrators
2011-08-24
Added quick search
2011-08-02
Added default Compose-alias
2011-07-17
Added new session option for TOR/VPN/Proxy-surfing. Settings/Personal info - Lock IP-address
2011-06-08
Added iPhone information
2011-05-10
Added message filters
2011-04-30
Updated alias function
2011-02-15
Added new white theme
2011-01-07
Added email notification
2010-12-06
Added more server-side SPAM protection
2010-12-01
New Compose window
2010-11-20
Added instructions for Android phones
2010-10-17
Added new feature:
Secure Forms
2010-05-24
Opened up for all !
2009-11-21
Open website for Beta-testers
2009-05-19
Installed our primary login and database servers
2009-05-16
Comodo Usertrust certified our company for Java applet code signing
2008-05-11
Domain name registration. Official start of the project. |
