How secure asymmetric encryption to yourself?

David Shaw dshaw at jabberwocky.com
Mon Feb 23 23:43:41 CET 2009


On Mon, Feb 23, 2009 at 01:15:58PM -0500, gerry_lowry (alliston ontario canada) wrote:
> Sven Radde wrote, in part:
> 
>     "... there are more usable ways of managing one's passwords
>          than storing them in a GnuPG file".
> 
> I'm curious what "more usable ways" there are that Sven and others
> can recommend.

If you're already carrying around a PDA or smartphone, try:

http://linkesoft.com/secret/palm.html
http://agilewebsolutions.com/products/iphone

(etc - there are at least half a dozen others depending on what PDA or
smartphone you have)

These are more usable as you always (as per the first statement) have
your PDA/smartphone with you, so you don't need access to any other
hardware or software to get your passwords.  They're searchable, and
can be backed up.

It's a reasonable question, of course, how secure these are.
Obviously their authors claim they are very secure.  Neither publishes
source, but the 1Password people have a design document which
(assuming they followed it) shows them avoiding a lot of the common
mistakes people make when implementing this sort of thing (notably,
they were smart enough to not write their own crypto).

In practice, for me, it doesn't matter all that much.  Certainly they
are at least secure against casual snooping, which is all I need them
for.

David



More information about the Gnupg-users mailing list