Archive

Archive for December 10th, 2007

Article on law.com

December 10th, 2007

Here is an article on law.com titled “Think Before You Send” that all my readers should take a look at.

From the article

“‘Don’t put this in writing, but …’ Those are the opening words of an e-mail that got the writer’s company in legal hot water. And there are plenty more where that came from.”

I mean, you must be kidding me. If you don’t want something in writing, don’t write it. And if you write it, encrypt it! Common sense, kiddies!


Security, email, encryption, government, law, privacy

How (not to) keep your passwords safe!

December 10th, 2007

Today I was helping my mom set up new Gmail and AIM accounts (now that Gmail chat and AIM are linked, it’s essential to have an account on AIM and Gmail, and to link them), and I was horrified to discover that she keeps all of her passwords, including her bank, email, credit card, web and domain hosting, and other crucial sites, in a Word doc on the root of her laptop’s hard drive. AHHHHHA! What a recipe for disaster! “But what should I do?” she asked me. Her passwords are myriad, and all different (good), but she can remember none of them (bad!).

Here are several ways to keep your passwords safe (and the pitfalls):

1) Do like my mom, and keep all your passwords different, and in one “password file”, but encrypt that file with PGP, GWEBS WebmailSafety, or some other asymmetric encryption.

Pitfalls: A) You could forget your PGP password. B) You could lose your private key or your password file. C) Someone could steal your private key and your password file and guess your password. D) Someone could steal your password file and crack your private key.

Avoiding Pitfalls: A) Write down your PGP password somewhere, but don’t label it “PGP password”, and keep it safe and long. B) Keep a copy of both your private key and your password file backed up and offsite, but not on someone else’s systems. C) Not likely, but again, you have to keep your password long and secure. D) Even less likely. Use an algorithm with a long key length. WebmailSafety, for example, uses 2048-bit RSA, and you would need to string together several of today’s most powerful supercomputers to crack that within your grandchildren’s lifetime.

2) Use a commercial password keeper, like Apple’s keychain or similar.

Pitfalls: these password keepers are only as secure as their implementations – and the user must decide which software to trust. Apparently Apple’s keychain is pretty secure, but you should always find out as much as you can about critical security software.

3) Use several passwords that you can remember, with different passwords on important or often-used sites. And never write any passwords down. For example, password A for email, password B for your online bank and password C for everything non-mission-critical.

Pitfalls: The more you use a password, the less secure it is, and the more places you use it, the less secure it is.

Avoiding pitfalls: For daily-use and important passwords, choose long, strong, and hard-to-guess passwords, enter them manually and change them often. Daily-use passwords are easy to remember because you are entering them all the time, and repetition breeds memories. Your non-mission-critical passwords may be guessed, and if the intruder guesses one, they know them all, but again, these passwords are non-mission-critical, so this isn’t such a big problem.
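Option 1 above, sketched as a shell workflow. This is an added example, not code from the original post: it assumes GnuPG 2.1+ as the PGP implementation and an existing key pair for the recipient, and the function and file names are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GnuPG 2.1+ and an
# existing key pair for the recipient; all function names are illustrative.

# Encrypt the plaintext password list to your own public key. The plaintext
# is deleted only after the ciphertext decrypts back to identical bytes.
encrypt_password_file() {
    local plain="$1" recipient="$2"
    local out="${plain}.gpg"
    [ -f "$plain" ] || { echo "no such file: $plain" >&2; return 1; }
    gpg --batch --yes --quiet --recipient "$recipient" \
        --output "$out" --encrypt "$plain" || return 1
    # Round-trip check (gpg-agent asks for the key passphrase if one is set).
    if gpg --quiet --decrypt "$out" 2>/dev/null | cmp -s - "$plain"; then
        # rm does not scrub disk blocks; old backups may still hold the plaintext.
        rm -f -- "$plain"
    else
        echo "round-trip check failed; plaintext kept" >&2
        rm -f -- "$out"
        return 1
    fi
}

# Print the entries matching a site name; the decrypted list only ever
# travels through a pipe and is never written back to disk.
lookup_password() {
    local enc="$1" site="$2"
    gpg --quiet --decrypt "$enc" 2>/dev/null | grep -i -F -- "$site"
}

# Pitfall B: copy the encrypted list and an armored export of the private
# key (still protected by its passphrase) to media that you keep offsite.
backup_key_and_file() {
    local enc="$1" recipient="$2" dest="$3"
    [ -d "$dest" ] || { echo "backup target missing: $dest" >&2; return 1; }
    cp -- "$enc" "$dest/" || return 1
    gpg --yes --armor --output "$dest/private-key.asc" \
        --export-secret-keys "$recipient"
}
```

Typical use is `encrypt_password_file ~/passwords.txt you@example.com` once, then `lookup_password ~/passwords.txt.gpg bank` whenever a password is needed.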

Well, there are three solutions that I recommend. This is a big topic, so I look forward to user comments. Tell me what you do. How you keep your passwords secure, and if I missed some pitfalls, help me fill those in too!


PGP, passwords, personal, privacy

Eulogy for My Grandma

December 10th, 2007

Grandma In her Yarn Shop

I am in LA visiting family for a few days – flew here Sunday – and am flying back to Beijing, via Seoul, on Thursday. My grandmother died. She was 92 years old, and lived a thoroughly long and heroic life. Her funeral service today was beautiful. My stepfather, a lawyer who takes two days off a week and is studying to be a rabbi, intoned a beautiful prayer; my uncle Mark, a violinist, hired a solo cellist, and that performance too was haunting. My mother, her two brothers, my grandma’s rabbi, and several others all eulogized my grandmother, and though I have asked her and others to tell me her personal history many times, today I got the most complete version of the story.

Elizabeth (Lisl) Shapiro was born in Budapest, Hungary in 1915, at the beginning of a time of great change and disaster in Europe. Her father, an engineer, was summoned to Moscow to work on the construction of that city’s subway, and Grandma began medical school there. When Stalin arrived, they moved to Vienna, but then Hitler decided to pay a visit. Her father was interned at Dachau, but her mother found a way to get him out. At that time everyone realized it was necessary to leave Austria, but everyone in the family had been born in different countries, so getting visas together was impossible. I don’t know where everyone else went, but grandma’s uncle, my namesake, got her a visa to come to London as a domestic servant (just in time for The Blitz) and, so the story goes, she began knitting diamonds into hollow sweater buttons to provide exiles with a means of carrying their wealth with them when they fled the Third Reich.

Grandma, A Long Time Ago

When grandma went to London, her brother Otto found his way to Trenton, NJ, and when the time came, he found a way to bring her over. There, she met my grandfather at a party, where he was playing violin, and the two moved to Hollywood, where my mom and my two uncles were born. They then moved to Inglewood, and there my grandma stayed until she was 90.


personal