The app contains user-entered sensitive data (PIN codes, passwords,
account no. etc. etc.). All data are encrypted using Blowfish -
Blowfish requires a password.
I want this password to be 'secure' - i.e. it should be kept in secret
by the user. Echoing in plain text really defeats this demand?
> -----Original Message-----
> From: Brian Mathis [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 14, 2000 4:20 PM
> To: Palm Developer Forum
> Subject: RE: #### password Field Resource
>
>
> On Thu, 14 Sep 2000, Schau, Brian wrote:
> > Are you all telling me to compromise security just because people don't want
> > to learn how to do Graffiti? What about making a password of
> > letters/numbers you actually can remember to get right each time?
>
> How is this compromising security?
>
> First, you need to realize that the word "security" means absolutely
> nothing, without further definition. It's a very esoteric word. Computer
> security needs to be strictly defined within a given application, with
> very specific rules.
>
> What are the rules you are using in your app? I assume that because
> there's a password, there's some kind of sensitive data. What's the goal
> of using a password? To keep unauthorized parties out? How about
> encryption? To the extreme, how about deleting all locked data if a wrong
> password is entered?
>
> Each of those gives you an increased level of "security", but some may not
> be appropriate for your application. You need to first determine the
> needs of your app.
>
> As far as password masking goes, that's generally a requirement on
> desktops, because they are often used in an environment where many people
> can see the monitor, and they are easy to read from a distance. On a
> handheld, however, you generally use them close to your own body, pretty
> much blocking anyone behind you from seeing. They are also very difficult
> to read from a distance (if screens improve, this may change though :).
>
> One final thing to think about is that usually, adding more security
> requirements makes an application harder to use. This is a very important
> thing to keep in mind, it's the reason virtually nobody uses encrypted
> email. If something's too hard to use, regardless of if it's more secure,
> people won't use it. This is why you need to evaluate the need for
> password masking. Even experienced Palm users mess up Graffiti every once
> in a while.
>
> --
> Brian Mathis
> Direct Edge
> http://www.directedge.com
>
> --
> For information on using the Palm Developer Forums, or to
> unsubscribe, please see http://www.palmos.com/dev/tech/support/forums/