FFkeystore: settings

paranoia level

You can change the paranoia level in the preferences:

screenshot of paranoia level radio group The paranoia level controls how you provide the keystore password to the app. This is a very important point and as strong side effects to your overall security. Please see the detailed description here: paranoia level

secure store

screenshot secure keystore radio group secure store controls how long you can see the "open keystore passwords".

debug mode

When debug mode is enabled, you can see some output in the console.

show only valid passwords

This convinience option lets you disable all passwords, which are currently not decryptable when you are not in Unsafe mode. The decision if a password is valid or not is made during decryption. If the output yields something we can unarchive it is assumed, that the password is valid.

Please understand, that the application can only make a assumption if the provided password is invalid. If you think a bit longer about this, you will realize, that the application can not state, that the decrypted password is a valid one (this is because the decrypting is not collision free, meaning that when you throw random passwords against a decrypted block of data, it sometimes yield something, that is actually a valid data structure. This decision is never made on the actual content of the fields it is just asking: can I derive a valid data block structure).

Note: This option does have a performance penalty when unlocking the keystore because every password is uncrypted which does can take quite some time on older macs. The positive thing is, that you don't see any entries which are not decryptable with the current keystore password.

lock new passwords

When you enter a new password, they will be locked by default. Locked passwords have a delete protection (you can not delete then until they are unlocked)

copy password to paste board

When this is enabled, double clicking a password will copy it to the paste board