[conspire] CABAL meeting tomorrow (also, webmail security discussed here)

Rick Moen rick at linuxmafia.com
Fri Sep 11 14:21:26 PDT 2009


I'm betting that Ed meant to post this, rather than send it in private
mail.

Quoting Edward Cherlin (echerlin at gmail.com):

> Firefox provides encrypted password storage, using 3DES in CBC Mode.

Indeed, but what one really wants is a central, encrypted store for
_all_ sorts of security tokens, not just Web sites, so that you can have
globally unique tokens in use everywhere, but not have to worry about
it.

Let me give you an example:  Bank A's online service, concerning one of
my VISA or Mastercards, wants me to provide a series of "password hint"
answers to standard questions, so that I can "prove who I am" if I ever
need to be issued a new password.  So, they ask me "Where was your
mother born?"  I type in "Tralfamadore", and enter that into the "Where
was your mother born?" section of the Bank A record in Keyring on my
PDA.

Bank B asks, for its Mastercard account, "Where was your mother born?"
I type in "Ganymede" -- and store _that_ in the Bank B entry in my PDA.

It's actually none of Bank A or Bank B's business where my mother was
born, nor what my pets' names were when I was little, nor what my high
school sports mascot was, etc.  I consider it A Good Thing for each of
them to have wrong, mutually conflicting answers to those questions on
file.  For my purposes, it exactly meets my needs to be able to tell
Bank C that my mother's maiden name was Posonby Britt, O.B.E. and have
that answer serve as proof of my identity.

Also, it's really a huge improvement to general security, in my opinion,
for me to _not_ ever access that password database on any
general-purpose computer, and instead only on my PDA.  It's much, much 
easier to protect that data against security compromise.

> Are you using Garnet or Access Linux Platform?

Garnet OS 5.x ("PalmOS"), not Access Linux Platform.  I do not aspire to
use the PDA as a general-purpose computing device.  Also, this is not a
smartphone device, just a PDA.
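
The practice described above (a different made-up answer at every institution, all recorded in one keyring) can be checked mechanically. The following is an added example, not part of the original post and not code from Keyring: the function names, the word list and the "Bank D" entry are constructed for illustration, and encrypted storage is left to whatever keyring holds the data.

```python
import secrets
import unicodedata
from collections import defaultdict

# Constructed word list for illustration; use a far larger one in practice.
WORDS = ["amber", "basalt", "cobalt", "dune", "ember", "fjord", "garnet",
         "heron", "indigo", "juniper", "krill", "lichen", "mica", "nectar"]

# Constructed keyring contents: Banks A-C follow the post, Bank D is an
# invented entry that repeats Bank A's answer so the audit has a finding.
SAMPLE = {
    "Bank A": {"Where was your mother born?": "Tralfamadore"},
    "Bank B": {"Where was your mother born?": "Ganymede"},
    "Bank C": {"Mother's maiden name?": "Posonby Britt, O.B.E."},
    "Bank D": {"Where was your mother born?": " tralfamadore "},
}

def normalize(answer):
    """Fold case, spacing and punctuation, since an agent comparing answers
    over the phone will not distinguish them either."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def find_reuse(keyring):
    """Map each normalized answer held by more than one site to its uses."""
    uses = defaultdict(set)
    for site, answers in keyring.items():
        for question, answer in answers.items():
            uses[normalize(answer)].add((site, question))
    return {a: sorted(u) for a, u in uses.items()
            if len({site for site, _ in u}) > 1}

def add_entry(keyring, site, question, n_words=3):
    """Store a random answer that no other entry in the keyring uses."""
    taken = {normalize(a) for qa in keyring.values() for a in qa.values()}
    while True:
        answer = " ".join(secrets.choice(WORDS) for _ in range(n_words))
        if normalize(answer) not in taken:
            keyring.setdefault(site, {})[question] = answer
            return answer

if __name__ == "__main__":
    for answer, where in find_reuse(SAMPLE).items():
        print("reused:", answer, where)
    print("new answer:", add_entry(SAMPLE, "Bank E", "First pet's name?"))
```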





