On 8/18/2011 8:03, Invisible wrote:
> You want to password-protect your passwords? That's just crazy. (The idea of
> a password is that you're supposed to /remember/ it. Which makes it
> impossible to ever steal.)

You're also supposed to use a different, long password for every site. It's 
basically a key locker.

Plus, of course, it has the advantage of being able to store actual 
sensitive files in a mildly secure way.

> (Just waiting for you to complain that you can't order from the USA now...)

Unlike some here, I have learned how to use google to find such things are 
reviews and local retailers. ;-)

> I'm not so sure about AES, but its predecessor DES is very, very easy to
> implement in hardware.

AES (and, really, almost all the modern block cyphers) are designed that 
way. They're all designed to run on smart cards and stuff like that, except 
for the "fish" ciphers (blowfish, twofish, etc), iirc, which are 
specifically designed to be fast in software.

> Mmm, I wonder if it's immune to side-channel attacks? >:-D

Well, first you have to get to the chip in its encrypted state or something. 
I'm (personally) not so worried about it that I think someone's going to 
crack the case open and hit it with a logic probe. Indeed, I haven't found 
any review that actually says it's encrypting the data on the chip itself. 
If it can change the password instantly, I'd doubt the actual data is 
encrypted. I did read one review where they cracked it open, took out the 
battery for a couple weeks, put it back together, and the PIN was still enabled.

-- 
Darren New, San Diego CA, USA (PST)
   How come I never get only one kudo?

Post a reply to this message