Re: File encryption software?

On Tue, 08 Apr 2008 09:47:39 -0500, Bob Giddings <bobg@xxxxxxxxxxxx> wrote:


This is one of those old problems that is not really a problem
for most folks.

The only time I would worry about it is if somebody stole my
laptop, and then only for the time it took for me to get to
another online computer. The only data that really matters is my
financial data and passwords.

I do have minor passwords to several dozen websites listed on an
obscurely named file. That's trivial to uncover and unimportant
if it is. I could never remember all that stuff. This is the
equivalent of writing a password on a card and taping it to the
bottom of your top right drawer.

here's the solution to all your password woes.

http://passwordsafe.sourceforge.net/

It's free. It's open source. It's been validated by many of the recognized crypto
experts. It can store other sensitive data besides just passwords. It puts the
selected password on the clipboard automatically so all you have to do is tab to the
password field and hit ^V. It will generate random passwords for you if you like.
You only have to remember one passphrase, the one that opens PW safe.

BTW, a passPRHASE is a very secure but easy to remember technique. "HiMyNameIsBob."
is extremely secure. No dictionary attack will work. And an exhaustive search for a
string that long would take years, even on a distributed cracking network. The mixed
case doubles the search space and the period increases it even more.

Many applications still have an anachronistic limit on password length but PW Safe
doesn't. PW Safe combined with its securely-generated random passwords is about as
good as you can get.

For web-based resources, Password Safe is a backup to Firefox's password storage
facility. So far I've not read anything about there being any crypto insecurities in
this facility. I have confidence that Mozilla would quickly get out a patch if one
were found.

For financial data, I only need a couple of passwords. I use
variants of an old telephone number of a friend of mine. Not the
sort of thing anybody would be likely to guess, not hard for me
to remember since I used it for years, and not written down
anywhere. Except perhaps by the program itself.

I use a similar technique for my passphrases, though I enclose the number in some
text. I've tried them against every password hacking tool that I can get my hands on
and so far it's been totally secure.


Of course, if you have the ability to try every combination of 7
numbers, my ass is yours. And I've just made the task
significantly easier than that. Doh!

Lots easier. Trivially easy, in fact. There are only 10^7 possible combinations of
7 numbers. An exhaustive search would take less than 5 minutes.


I await impoverishment.

Well, the risk is small but not nil. Problem is, the downside risk is great. I see
a direct parallel with going armed. The actual risk of ever needing a gun is very
low but not zero, but when you need it, there is no substitute. For example, I've
lived for 50+ years without needing the gun that I carry. Until last fall when the
local meth head decided to try his little home invasion stunt. Then my gun saved my
life or at least saved me injury. The same with securing my data. I may never need
data security. But having it there just in case is great peace of mind for me.

John

--
John De Armond
See my website for my current email address
http://www.neon-john.com
http://www.johndearmond.com <-- best little blog on the net!
Tellico Plains, Occupied TN
Why the US is losing its competitivve edge:"It used to be that the USA was pretty good at
producing stuff teenaged boys could lose a finger or two playing with."-James Niccol

.

Relevant Pages

  • Is POP3 mail more secure than webmail?
    ... None of them are 100% secure and safe. ... there is always a risk of them being captured by someone. ... >Is charged email box more secure than free email? ...
    (microsoft.public.windowsxp.network_web)
  • Re: What is your weapon of choice
    ... You stand a far better chance of having your gun stolen than ever ... How secure is secure, a locked house, locked cabinet, safe? ...
    (misc.news.internet.discuss)
  • brit- A fifth of men know how to get a (fake) gun
    ... Nearly a fifth of men know how to get their hands on a gun, ... risk of gun and knife crime. ... Some 42 per cent surveyed by YouGov also believe they are at risk ... Londoners said they felt less safe as a result of gun ...
    (misc.survivalism)
  • More food for thought
    ... Basic Risk Analysis ... I have taken a position that the professional security community in general ... has and will continue to fail because they are operating under the same ... storing those backups safely offsite in a secure location on a daily basis. ...
    (comp.security.misc)
  • More food for thought
    ... Basic Risk Analysis ... I have taken a position that the professional security community in general ... has and will continue to fail because they are operating under the same ... storing those backups safely offsite in a secure location on a daily basis. ...
    (comp.os.ms-windows.nt.admin.security)