[aescrypt] Usability suggestions for Windows app.
kaz at kylheku.com
Thu Sep 5 01:22:58 EDT 2013
In my opinion, the password entry dialog is not usable for long phrases,
and encourages poor passwords. A checkbox to render the contents visible
would be very useful to catch typing mistakes. It is frustrating to be
told five times that the two do not match. Not everyone can touch type a
long sentence twice with no mistakes.
The security in concealing password entry is dubious anyway. It has
value for protecting authentication passwords in places where someone
may be looking over your shoulder. But would you be working with a
highly sensitive document (that is worth protecting with AES) in such an
environment? Its contents are as secret as the password used to protect
it, and so it makes no sense to conceal the password from prying eyes,
yet reveal the document.
Another issue with the Windows application is that it performs sanity
checks in the wrong order. When you're encrypting or decrypting a
document, first you must get through the password dialog. Only then are
you told, oops, the destination file already exists and we must bail!
There is no security benefit in this; it is just annoying behavior. Why
ask for the password if the operation cannot possibly complete (unless
someone deletes the file outside of the program)? Just bail right away:
"We cannot do this operation because the destination file exists."
A useful behavior would be to have the option to rename the existing
file, or to choose a different name for the newly created file.
(Deletion should be deferred to the user, who should be using a secure
shred program, at least for the plaintexts.)