Oh, and is anyone out there interested in implementing a password manager that stores passwords *outside* of an image in a reasonably secure location?
I have been working on this very problem for the last few months and have (what I think to be) a very nice solution which I call "KryptOn".
For best results, "passwords" (more correctly, private-keys) are intended to be stored on one of those USB microdrive devices. My wife just bought me this one for anniversary gift:
http://www.knifecenter.com/kc_new/store_detail.html?s=VN53975
(That is not an endorsement).
KryptOn can be leveraged by any program to provide highly-transparent security based on the principles suggested for Croquet at
http://minnow.cc.gatech.edu/squeak/3770
and it never leaves your passwords exposed in a saved image; it first overwrites the bytes and then dereferences them during #shutDown of the image.
I have put some information about it on the Swiki:
http://minnow.cc.gatech.edu/squeak/5785
Questions or comments are very welcome.
- Chris
cryptography@lists.squeakfoundation.org