Cryptography in Your Pocket

Palm-size organizers are essentially small computers--and now, you can encrypt your Palm Pilot data to protect it from prying eyes.

By Enterprise Networking Planet Staff | Posted Feb 20, 2001
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Recently, some announcements have been made of commercial encryption programs for the PalmPilot personal organizer. Some of these were for subroutines that might be used in programs whose primary purpose is not encryption, for purposes such as software registration. Also, Network Associates, the company that owns PGP, has a commercial product, PGPwireless, specifically aimed at those who use their Palm Pilots (and, shortly, other similar devices) to connect to the Internet.

Although some personal organizers are very similar to pocket calculators, with a small memory for names and telephone numbers added, plus an alarm clock function, the PalmPilot and some other high-end personal organizers are genuine pocket computers. They don't have floppy disk or CD-ROM drives, but they can be connected to the serial port of a desktop computer, from which they can download new software. Programs running on the PalmPilot follow the same event-driven organization as programs written to run under the Microsoft Windows operating system, or on the Macintosh.

Naturally, since such personal organizers are nearly computers in their own right, it isn't surprising that programs for encryption have been written for them, just as they have been written for many other types of computer.


Problems and Benefits of Using a Personal Organizer for Encryption

Some of the disadvantages are obvious. The processor will be slower, and less memory will be available. Because they don't have hard disks, or even floppy drives, the data you may wish to encrypt will not necessarily be on them. So data will have to be transferred, usually through a serial port.

But there is a big advantage that personal organizers have when used for encryption.

Unlike even a laptop, it is practical to carry your personal organizer with you wherever you go, never letting it out of your sight. Even if you have chosen a secure passphrase to encrypt all your private keys on a desktop computer, it is possible that your computer could be tampered with while you are away, to reveal that pass phrase to someone the next time you type it in.

Is this important to honest citizens, since so far, we have only heard of that technique being used by law enforcement agencies against criminals?

While it is true that anything involving a physical break-in is likely outside the threat models most people will use in evaluating their computer security, your main desktop computer is probably also the computer you use most of the time for connecting to the Internet. And computer viruses that intercept people's passwords are a reality that everyone is exposed to.

Perhaps for most people, it might be equally safe to drag that old 386 out of the basement to do encryption, and that would have the advantage of still running the same software, and being able to exchange data on standard floppy disks. But only entering your passphrase into a machine that you never let out of your sight certainly does have its attractions. And then there's the problem of finding somewhere to put that old 386. . . .



References

NTRU Encryption Toolkit for Palm Pilot
http://www.ntru.com/pressroom/pressreleases/palm_toolkit.htm

PGPwireless
http://www.pgp.com/aboutus/press/pr_template.asp?PR=/Press
Media/11022000-F.asp&Sel=863


SecurityPortal is the world's foremost on-line resource and services provider for companies and individuals concerned about protecting their information systems and networks.
http://www.SecurityPortal.com
The Focal Point for Security on the Net (tm)

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter