From: Bill Stewart <stewarts@ix.netcom.com>
To: Ed.Falk@Eng.Sun.COM (Ed Falk)
Message Hash: 9d5f6c8bc7af9cc1ac0ac2b480085aab0a1e38bcac4c232a0c10b18d271ee12d
Message ID: <3.0.1.32.19970222000137.00622bd8@popd.ix.netcom.com>
Reply To: <199702181940.LAA24732@peregrine.eng.sun.com>
UTC Datetime: 1997-02-22 08:03:06 UTC
Raw Date: Sat, 22 Feb 1997 00:03:06 -0800 (PST)
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 22 Feb 1997 00:03:06 -0800 (PST)
To: Ed.Falk@Eng.Sun.COM (Ed Falk)
Subject: Re: Interesting question: how to safely keep passwords online
In-Reply-To: <199702181940.LAA24732@peregrine.eng.sun.com>
Message-ID: <3.0.1.32.19970222000137.00622bd8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:40 AM 2/18/97 -0800, Ed Falk wrote:
>Here's a question that's been on my mind lately: Often, you like
>to keep external passwords stored on your personal computer. As a quick
>example, Eudora will remember your POP password for you so you don't
>have to enter it every time. Obviously, Eudora keeps this on disk
>somewhere.
>The question is: is there any (relatively) safe way to do this?
Depends on your threat models....
The relatively safe way is to use an encrypted disk volume,
so everything stored on it is "safe", though any time the
disk volume is open, you're obviously at risk. My laptop is
relatively secure, unless someone has physical access to it;
if I used a boot password and encrypted disk volume it would require
an active attack to get the information, rather than simple theft.
(NT has a password, but it's not worth much if you've got the disk.)
Another popular approach, which PGP uses for storing private keys,
is to store the keys in an encrypted file, and use a passphrase for access;
variants include one passphrase for the whole file, or one passphrase
per record. Of course, if you can replace the "PGP" program with a
trojan version, you can still steal the passphrase. Or you can use a
keystroke sniffer to store any password-like input.
Of course, an even more popular approach is to ignore the problem,
and just leave the password around in plaintext in an INI file or Registry,
or encrypt it with some Really Secure KeyLess Proprietary Algorithm,
like rot13 ("We'll fool them - we'll use rot39! It's 3 times as secure!")
If you've got off-machine storage, e.g. a SecureID-like calculator
or other smartcard with on-card PIN entry, you can do actual security.
Even then you need to be careful about all the protocols; it doesn't do
much good to have a 4096-bit RSA key if a trojan shim can replace the card's
response of "Not OK" with "OK" before the real application reads it.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
Return to February 1997
Return to “Ed.Falk@Eng.Sun.COM (Ed Falk)”