BEIKS Q&A forum



BeSafe - Data are not safe (from user mistakes)

From: Olivier Mascia
Date: 22 Feb 2002

Comments

I have made some real life tests today of BeSafe. I agree that, apparently, data is probably well encrypted. But data is far from being safe. It can be too easily lost. Suppose you give your palm for some minutes to a colleague, a friend, a member of your family to demo something. If that person starts BeSafe and enters a password (wrong of course), the data is 'safe' because unreadable (wrong key for decryption). Until here, that's fine. Now, that same person walks in the menu, finds Change Password and innocently (or not) enters a new password (without paying much attention to it). Bye bye data. Lost forever. As the mangled data will now be encrypted with their password.

BeSafe really needs a way to check that the password entered is the right one and if not show the mangled data (because it's fun), but the editing of anything (deleting, adding records, playing with categories and most importantly changing the password) should be **disabled**. BeSafe could save a well-known string of let's say 128 bytes within the data of the user (encrypted with the user password). When the user enters a password to access data, BeSafe decrypts the data and the well-known string and if the well-known string does not match say "wrong password entered". Or if you do not want to use a well-known string for this process, use a secure hash of some or all of the real user data for that purpose. If after decryption, the computed hash does not equal the stored one which was also decrypted, then the password is not the right one.

Again I agree that now, the data is cryptographically speaking safe (though the actual source code is not public so you never know), but from a practical user view, it is too easy to mangle definitely the precious data. Or a friend can play you a bad trick too easily.
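The check the post describes, written out as an added Python example (this is not BeSafe's code, whose source the post notes is not public). It encrypts a 128-byte well-known marker and a SHA-256 hash of the records alongside the records themselves, so that opening the store with a wrong password still yields the mangled bytes for viewing, but reports the password as unverified and "Change Password" refuses to re-encrypt. The blob layout, the `MARKER` constant and the stream cipher (a SHA-256 counter keystream XOR) are constructed for illustration only; a real store would use an authenticated cipher, whose tag failure gives the same wrong-password signal.

```python
import hashlib
import hmac
import secrets

# Blob layout (constructed for this example):
#   salt(16) | nonce(16) | ENC( marker(128) | sha256(records)(32) | records )
MARKER = b"BESAFE-WELL-KNOWN-STRING".ljust(128, b"\x00")  # 128-byte well-known string
SALT_LEN = NONCE_LEN = 16
HASH_LEN = 32


class WrongPassword(Exception):
    """Raised when an edit is attempted without a verified password."""


def derive_key(password: str, salt: bytes) -> bytes:
    # Slow, salted key derivation so a guessed password costs real work.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with a SHA-256 counter keystream.
    Illustrative only; it provides confidentiality in this toy but no
    integrity, which is why the hash of the records is stored as well."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(password: str, records: bytes) -> bytes:
    """Encrypt marker, record hash and records under a fresh salt and nonce."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    key = derive_key(password, salt)
    plain = MARKER + hashlib.sha256(records).digest() + records
    return salt + nonce + keystream_xor(key, nonce, plain)


def open_store(password: str, blob: bytes):
    """Decrypt and report whether the password checks out.

    Returns (records, password_ok). With a wrong password the records are
    the mangled bytes the post mentions and password_ok is False, so the
    caller may display them but must keep every editing function disabled.
    """
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    key = derive_key(password, salt)
    plain = keystream_xor(key, nonce, blob[SALT_LEN + NONCE_LEN:])
    marker = plain[:len(MARKER)]
    stored_hash = plain[len(MARKER):len(MARKER) + HASH_LEN]
    records = plain[len(MARKER) + HASH_LEN:]
    # Constant-time comparisons; both checks must pass.
    marker_ok = hmac.compare_digest(marker, MARKER)
    hash_ok = hmac.compare_digest(stored_hash, hashlib.sha256(records).digest())
    return records, marker_ok and hash_ok


def change_password(old: str, new: str, blob: bytes) -> bytes:
    """Re-encrypt under a new password only after the old one is verified."""
    records, ok = open_store(old, blob)
    if not ok:
        raise WrongPassword("wrong password entered; refusing to re-encrypt")
    return seal(new, records)


if __name__ == "__main__":
    blob = seal("correct horse battery", b"record one\nrecord two")
    print(open_store("correct horse battery", blob))   # records, True
    print(open_store("wr0ng", blob)[1])                 # False: mangled view only
    try:
        change_password("wr0ng", "hijacked", blob)
    except WrongPassword as exc:
        print(exc)                                      # data survives the wrong guess
```

The guard that matters is the one in `change_password`: the failure mode in the post is a re-encryption performed under a key the owner never chose, so every write path must consult `password_ok` before touching the store, while the read path is free to show the unreadable bytes.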


Last changed: May 12, 2008