Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Portal: Where Do You Hide the Key?

Mar 09, 2000, 07:40 (0 Talkback[s])
(Other stories by John Savard)

"People who use encryption on their home computers for personal use may use it to keep some files on their hard disk encrypted, or they may use it to protect their E-mail communications. In the latter case, their private keys, corresponding to the public keys people use to send E-mails to them, are also in the form of entries in files on their hard disk, which also normally are protected by being encrypted."

"And so there are files on your home computer's hard disk that are encrypted. If the key to decrypting them were also sitting on your hard disk, there wouldn't be much point to that encryption. But a 100-bit binary key is equivalent to a 30-digit number. Not many people can easily memorize 30-digit numbers...."

"Often, people who work with computers need to memorize several passwords, each one for a different computer system. Some operating systems limit passwords to 8 characters in length, and this makes it necessary to use passwords with special characters, and so on. In addition, users may be required to change their passwords every few months. If one of the computer systems for which you have memorized a password is one you only use at infrequent intervals, this is a recipe for forgetting the password. (Or writing the password down. Memorizing one pass phrase, and using it to protect a file of passwords stored on a personal organizer, is one strategy for dealing with this which is already popular, and is likely to become increasingly so.)"

Complete Story

Related Stories: