Not strictly crypto, but a key issue
David Biggins
d.biggins at virgin.net
Fri, 30 Mar 2001 18:14:53 +0100
Ian Johnson [mailto:Ian.Johnson@uwe.ac.uk] wrote:
<<<---snip--->>>
> So what are good strategies for managing large numbers of uid/passwd
> pairs together with bucket loads of PINs?
<<<---snip--->>>
Personal Organiser as keyring ????
How about encrypted on a personal organiser with all external I/O
normally disabled.
At least I only have to remember the TWO passwords (organiser + file)
and all else is revealed.
Mind you, I probably ought to change the organiser password more often.
In principle the passwords are:
(a) never written down where anyone else can casually find them,
(b) available to me in displayed form so I don't have to rehearse the
characters/digits out loud,
(c) always available,
(d) backed up (still encrypted) on my PC, so if I lose the organiser I
only lose the chips & plastic
(e) protected by over 12 characters of organiser passwords.
They may still be vulnerable to **serious** assault, but they are at
least safe from the **likely** levels of attack.
OK, it's probably not as secure as it could be, I am after all trusting
someone else's cryptography on the organiser (that will change when I
get the time) but where do you draw the line?
## dave ##