File Encryption (and Palm Pilot)

[kentborg at borg.org (Kent Borg)]

On Sun, Aug 05, 2001 at 02:52:22PM -0400, Jerry Feldman wrote:
> I've got 2 questions in regards to encryption
> 1. I currently keep passwords in my Palm Pilot. At one time I had the 
> entire unit password protected, but I removed that because it was a pain.  

A few months ago I put "CryptoHack" by Movielogic on my Palm.  It is
free; search the usual places to find a copy.  It will encrypt the
data for any one application you choose--but only one.  I don't know
how secure it is, but I am convinced that it is a *lot* more secure
than the nearly trivial password feature built into the Palm OS.

I use it for my Address application and keep some passwords and
account numbers in there.  Every time one launches the protected
application it decrypts the entire database, and it encrypts it when
one quits it.  It also needs a key to decrypt before it can sync.  (It
will be in the clear on the desktop, unless you encrypt it by some
other technique.)


I have discovered two bugs:

1) There are situations where the encrypt/decrypt toggle seems to get
   confused and it appears to leave the data in the clear even
   though the application has quit.  This doesn't worry me because it
   is rare and attempting to launch the protected application causes
   an encryption to happen, and then a prompt for the password to
   decrypt.  One would have to steal my Palm in that rare narrow
   window, not touch Addresses, but use some hackerly tool to
   read the data.

2) Receiving a beam intended for the encrypted Address application
   when the Address application is not running does not prompt for a
   decryption, instead, things get messed up (I forget the details, I
   think the sender needed to reboot).  Launch the Address application
   first.


I like it,

-kb
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).