>I know we PGP'rs consider ourselves serious about security, but there is
>sometimes a need to prevent casual snooping. I can see a need for a
>solution that is easy and provides just enough security to prevent nosy
>people from reading your mail and files. Password security for such a
>system need not be strict.
Why? Good, solid security (at least on the program level) is no more
difficult or expensive than bad. IDEA is no more difficult to program
than Enigma. A 256 character passphrase is no more difficult to program
than an 8 character password.
Also, the boundaries keep shifting. Originally, storing passwords in a
file accessible only by the superuser was "enough". Then it was enough
to store passwords in encrypted form. Now we store encrypted passwords
in a superuser-only file, and we worry about that.
>The only real problem I see with solutions like this is that users will
>tend to forget that they have inherent weaknesses when compared to
>public key systems and systems that use larger keys. But if your needs
>are casual such limitations may not be important.
The big problem that I see is that users (despite all warnings) will
insist that there really is a backdoor, and *demand* that you restore
data stored with their forgotten password.
With "cheap" security, there is a backdoor.
>Let's not get so narrow-minded that we think there's only one way to do
Agincourt Computing +1 (301) 681 7395
"Everything should be made as simple as possible, but no simpler."