Erik Grinaker wrote:
On Fri, 2006-02-10 at 09:27 +1100, Tony and Robyn Lewis wrote:1. My main concern with something like Revelation (other than strength of cryptography of the encrypted file) is having *all* your passwords, in the clear, in memory, when you've unlocked Revelation. One solution would be to have more than one Revelation and password file, but I wonder if it's more elegant, and simple enough to do, to have an optional separate layer of encryption on selected folders, so you can put, say, your banking passwords in there. It might even have a separate timeout before it locks and purges memory.Hm, this issue is a tricky one. The solution you outline probably isn't the way to go, because the whole point of Revelation is to have a secure place to store all your passwords. If we have two levels of security in Revelation, then why don't we just as well use the highest level of security all the time?
No, I was thinking of using the highest level of security, but that a given folder could be encrypted with another password - either in lieu of the original password, or as well as.
The increase in security comes from the fact that your super-secure passwords are unencrypted in memory for *less time* than your bulk passwords - not that they were encrypted with stronger security.
You could achieve the same thing with two Revelation files, and just opening the one you want, but that seems inelegant.
- [rvl-list] RFC: file format encryption Erik Grinaker