pre-[ANN] KryptOn (was: MC passwords in images?)
Chris Muller
chris at funkyobjects.org
Sun Nov 6 17:49:37 UTC 2005
> Oh, and is anyone out there interested in implementing a password
> manager that stores passwords *outside* of an image in a
> reasonably secure location?
I have been working on this very problem for the last few months and have (what
I think to be) a very nice solution which I call "KryptOn".
For best results, "passwords" (more correctly, private-keys) are intended to be
stored on one of those USB microdrive devices. My wife just bought me this one
for anniversary gift:
http://www.knifecenter.com/kc_new/store_detail.html?s=VN53975
KryptOn can be leveraged by any program to provide highly-transparent security
based on the principles suggested for Croquet at
http://minnow.cc.gatech.edu/squeak/3770
and it never leaves your passwords exposed in a saved image; it first
overwrites the bytes and then dereferences them during #shutDown of the image.
I have put some information about it on the Swiki:
http://minnow.cc.gatech.edu/squeak/5785
Questions or comments are very welcome.
- Chris
More information about the Squeak-dev
mailing list
|