|
|
On 8/18/2011 8:03, Invisible wrote:
> You want to password-protect your passwords? That's just crazy. (The idea of
> a password is that you're supposed to /remember/ it. Which makes it
> impossible to ever steal.)
You're also supposed to use a different, long password for every site. It's
basically a key locker.
Plus, of course, it has the advantage of being able to store actual
sensitive files in a mildly secure way.
> (Just waiting for you to complain that you can't order from the USA now...)
Unlike some here, I have learned how to use google to find such things are
reviews and local retailers. ;-)
> I'm not so sure about AES, but its predecessor DES is very, very easy to
> implement in hardware.
AES (and, really, almost all the modern block cyphers) are designed that
way. They're all designed to run on smart cards and stuff like that, except
for the "fish" ciphers (blowfish, twofish, etc), iirc, which are
specifically designed to be fast in software.
> Mmm, I wonder if it's immune to side-channel attacks? >:-D
Well, first you have to get to the chip in its encrypted state or something.
I'm (personally) not so worried about it that I think someone's going to
crack the case open and hit it with a logic probe. Indeed, I haven't found
any review that actually says it's encrypting the data on the chip itself.
If it can change the password instantly, I'd doubt the actual data is
encrypted. I did read one review where they cracked it open, took out the
battery for a couple weeks, put it back together, and the PIN was still enabled.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|