Re: Are there any pocketable Hardware Password Vaults

On Thu, 10 Nov 2005, felix.oxley@gmail.com wrote:

> You could use your mobile phone.
>
> 1. It is protected by a PIN number
> 2. It could run a java encryption app to provide additional security.
> 3. It is always with you.
> 4. It can be accessed from your PC via Bluetooth or USB.
=====================

call me paranoid, but i see #4 as a liability, not an asset. i do NOT 
store "sensitive" information on anything with a wireless transceiver 
built in to it... remember paris hilton's address book? i wouldn't cry if 
my address book was lifted from my phone, but my paypal password...

regarding #1, a 4 digit PIN is *not* cryptographically secure. even if it 
did encrypt data (which it doesn't) instead of just "locking" it. 
unlocking data may take a few seconds; brute forcing a 4 digit PIN 
wouldn't take much longer.

on my palm pilot (with IR link disabled) i run STRIP 
<http://zetetic.net/solutions/strip/>. among other features, it's the best 
real-world OTP calculator i've ever used.

more stuff here - http://www.palmopensource.com/index.php3?category=31


--
        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        Bob Woodward:
                "How do you think history will regard the war in Iraq?"
        George "dubya" Bush:
                "It won't matter. We'll all be dead."