Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

File Encryption (and Palm Pilot)



Thanks Kent,
I'll take a look at it. 
On 7 Aug 2001, at 9:19, Kent Borg wrote:

> On Sun, Aug 05, 2001 at 02:52:22PM -0400, Jerry Feldman wrote:
> > I've got 2 questions in regards to encryption
> > 1. I currently keep passwords in my Palm Pilot. At one time I had the 
> > entire unit password protected, but I removed that because it was a
> pain.  
> 
> A few months ago I put "CryptoHack" by Movielogic on my Palm.  It is
> free; search the usual places to find a copy.  It will encrypt the
> data for any one application you choose--but only one.  I don't know
> how secure it is, but I am convinced that it is a *lot* more secure
> than the nearly trivial password feature built into the Palm OS.
> 
> I use it for my Address application and keep some passwords and
> account numbers in there.  Every time one launches the protected
> application it decrypts the entire database, and it encrypts it when
> one quits it.  It also needs a key to decrypt before it can sync.  (It
> will be in the clear on the desktop, unless you encrypt it by some
> other technique.)
> 
> 
> I have discovered two bugs:
> 
> 1) There are situations where the encrypt/decrypt toggle seems to get
>    confused and it appears to leave the data in the clear even
>    though the application has quit.  This doesn't worry me because it
>    is rare and attempting to launch the protected application causes
>    an encryption to happen, and then a prompt for the password to
>    decrypt.  One would have to steal my Palm in that rare narrow
>    window, not touch Addresses, but use some hackerly tool to
>    read the data.
> 
> 2) Receiving a beam intended for the encrypted Address application
>    when the Address application is not running does not prompt for a
>    decryption, instead, things get messed up (I forget the details, I
>    think the sender needed to reboot).  Launch the Address application
>    first.
> 
> 
> I like it,
> 
> -kb


Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org