R10Cipher Key Management, Shared Secrets and Passwords

R10Cipher Version 3 is released on the 5th August 2009.

One of the key features of Version 3 is Key Management. The following is taken from the new manual.

An Explanation and Recommended Use of Shared Secrets and Passwords


Shared Secret

This is the code or phrase that is used to secure a communication between yourself and a particular third party, i.e. your client or contact.

Master Password

This is the password that only you should know. It safeguards your Key Management Database records. You could use a different Master Password for each record if you prefer, a different one for each type of contact, or the same one for every record. It’s entirely up to you, but bear in mind that you have to remember this one ...

Usage Password

This is only needed if another individual may be using your R10Cipher to communicate with your contacts. They can retrieve the Shared Secrets for use but cannot see them or change them.


It is recommended that you assign a different Shared Secret to each client/contact. Make it at least 8 characters; 16 or more is ideal. It doesn’t have to be particularly memorable, as the Key Management makes it easy to retrieve when needed.
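The Shared Secret recommendations above, sketched in Python as an added example (it is not taken from R10Cipher or its manual): one function generates a non-memorable secret from the operating system's CSPRNG, the other audits a contact list for short or reused secrets. The alphabet, the function names and the sample contacts are assumptions made for the illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 8      # the page's minimum length
IDEAL_LENGTH = 16   # the page's "16 or more is ideal"
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"  # assumed


def generate_shared_secret(length=IDEAL_LENGTH):
    """Return a random Shared Secret drawn from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"Shared Secret must be at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_shared_secrets(records):
    """Check a {contact: shared_secret} mapping against the recommendations.

    Returns a sorted list of (contact, finding) tuples.
    """
    findings = []
    contacts_by_secret = defaultdict(list)
    for contact, secret in records.items():
        contacts_by_secret[secret].append(contact)
        if len(secret) < MIN_LENGTH:
            findings.append((contact, "too short"))
        elif len(secret) < IDEAL_LENGTH:
            findings.append((contact, "below ideal length"))
    # One secret shared by several contacts breaks "a different Shared Secret each".
    for contacts in contacts_by_secret.values():
        if len(contacts) > 1:
            findings.extend((contact, "reused") for contact in contacts)
    return sorted(findings)


# Constructed sample records, not real contacts or secrets.
SAMPLE = {
    "alice@example.com": "summer09",
    "bob@example.com": "summer09",
    "carol@example.com": "abc123",
    "dave@example.com": generate_shared_secret(),
}

if __name__ == "__main__":
    for contact, finding in audit_shared_secrets(SAMPLE):
        print(f"{contact}: {finding}")
```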

You should secure your Key Management Database and the Shared Secrets using a Master Password. This Master Password should be more memorable, as this is what you will have to enter in order to edit, delete or retrieve the Shared Secrets. I recommend you base this password on something familiar, for example the first letter of the words of the first two lines of your favourite song. Mix this using upper and lowercase and substitute numbers where possible.


Note: The reason for having a password secure the Shared Secrets is that the Shared Secret is used to encrypt the communication. This communication will be ‘in the wild’ when transferred over the internet between email or web servers, hence the Shared Secret needs to be unique and strong. Your Key Management Database, however, is not exposed to the outside world, so a small number of passwords, or a single password, should be sufficient to encrypt and control access to the records in the Key Management Database.

Steven Cholerton
Arten Science
