Re: alt.computer.security



But I like this password !

How about that for a password?

You can use that in Windows you know.

And, that would then be needed in order to get to the
decryption key for the file to become accessible.

Hmmm, sounds like using EFS in XP and later . . .

"Dave McAuliffe" <DaveMcA@xxxxxxxxxxxxxx> wrote in message
news:fcd512t1b017rbg0oqedpioicp0tf5s0fk@xxxxxxxxxx
What are the weaknesses in the below plan?

I'm addressing password/keyfile encryption file protection for work
and home purposes. I'm considering using an easy password in the
belief that complex ones need to be written down and therefore pose
their own risk for being breached, and easy ones are nowhere to be
found in writing. In addition, I'm considering the encryption key as
being part & partial of the password.

The keyfile will *not* be kept on the same computer that it was used
to encrypt. It will be put on floppy, thumbdrive, etc. and kept in
pocket or purse not in the computer case. Therefore you would need
the floppy in order to decrypt the PC file, and if the keyfile were
compromised, it would need to hook up to the PC and then the password
would then need to be known. This separation of the encryption key
and the coming together of three elements, password - keyfile -
computer, is what I'm banking on for relative security.

All personnel (road people) would use the same password/encryption key
file. Any files sent to the office would be decrypted on that end. At
employee turnover, 100% re-encryption would be done with a new keyfile
based on a new password.
--

Dave
Central Mass. USA

To email: Replace
mailinator.com with email.com


.



Relevant Pages

  • Re: alt.computer.security
    ... You have no guarantee that a easy password will not be written down either. ... How you going to prevent people from simply leaving the floppy, ... I'm considering the encryption key as ... The keyfile will *not* be kept on the same computer that it was used ...
    (microsoft.public.security)
  • Re: alt.computer.security
    ... decryption key for the file to become accessible. ... I'm addressing password/keyfile encryption file protection for work ... I'm considering the encryption key as ... The keyfile will *not* be kept on the same computer that it was used ...
    (microsoft.public.security)
  • Re: Biometric Encryption: the solution for network intruders?
    ... the core of the encryption key, ... core of the key out by about a factor of 3 1/2. ... Then, when presented with the lossy decryption key, run it through ... If you put a reader in every bar and licensed restaurant, ...
    (comp.security.misc)
  • Re: Blowfish Encryption Question
    ... >>SHA and then use that output as the encryption key. ... >>before decryption. ... original password. ... programs like PGP and my own Puffer program, ...
    (comp.lang.pascal.delphi.misc)
  • Re: PGP scripting...
    ... found in the script anyway). ... destroying the plain text after encryption. ... pool of data with a single trust (decryption keys), ... check the integrity of the encryption key. ...
    (SecProg)