Monday, April 04, 2005
Speaking of hardware, a nifty undermarketed gadget
http://www.mandylionlabs.com/
They sell a tamper-resistant pocket-sized gizmo for storing passwords. The coolest feature in my opinion is that it can create a really strong password for you if you ask it to. It has a long list of certification and can help you reach buzzword compliance if you are in, for example, an environment regulated by HIPAA.
The company calls it "inexpensive". They're used to selling to the government. A started kit of two gizmos costs US$269. Strike 1.
It only stores 50 passwords. That's not enough for an individual web surfer. It's enough for a normal worker in a small to medium business. It might not be enough for a system administrator. Strike 2.
It limits the length of passwords. It will only store 14 characters. I wonder if that's a limit of how much will fit on the display. It's a well chosen number in a way: old Windows NT systems resist attack best when passwords come in multiples of 7 characters and those systems have a maximum password length of 14 characters. 14 characters of truly random text is strong enough to stop a password-guessing program. Still, the gizmo is preventing you from taking full advantage of modern computer systems that allow long readable passphrases. Strike 2.5.
Worth looking at, especially if you need the administration software that comes with it. But I hope something better comes along.
|
They sell a tamper-resistant pocket-sized gizmo for storing passwords. The coolest feature in my opinion is that it can create a really strong password for you if you ask it to. It has a long list of certification and can help you reach buzzword compliance if you are in, for example, an environment regulated by HIPAA.
The company calls it "inexpensive". They're used to selling to the government. A started kit of two gizmos costs US$269. Strike 1.
It only stores 50 passwords. That's not enough for an individual web surfer. It's enough for a normal worker in a small to medium business. It might not be enough for a system administrator. Strike 2.
It limits the length of passwords. It will only store 14 characters. I wonder if that's a limit of how much will fit on the display. It's a well chosen number in a way: old Windows NT systems resist attack best when passwords come in multiples of 7 characters and those systems have a maximum password length of 14 characters. 14 characters of truly random text is strong enough to stop a password-guessing program. Still, the gizmo is preventing you from taking full advantage of modern computer systems that allow long readable passphrases. Strike 2.5.
Worth looking at, especially if you need the administration software that comes with it. But I hope something better comes along.
# posted by Frederick @ 3:08 PM Email to a friend:
Haloscan: they provide trackback