From: Ed Falk <Ed.Falk@Eng.Sun.COM>
Date: Tue, 18 Feb 1997 14:26:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Interesting question: how to safely keep passwords online
Message-ID: <199702182226.OAA12246@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Here's a question that's been on my mind lately:  Often, you like
to keep external passwords stored on your personal computer.  As a quick
example, Eudora will remember your POP password for you so you don't
have to enter it every time.  Obviously, Eudora keeps this on disk
somewhere.

The question is: is there any (relatively) safe way to do this?  Obviously,
Eudora encrypt the saved password with some secret key, but this key could
probably be found by examining the code.  A slight improvement would
be for Eudora to generate an encryption key on the fly based on some
external system state, but this is also susceptible to reverse-engineering.

	-ed falk