[aescrypt] Usability suggestions for Windows app.

Kaz Kylheku kaz at kylheku.com
Thu Sep 5 01:22:58 EDT 2013


Hi all,

In my opinion, the password entry dialog is not usable for long phrases, 
and encourages poor passwords. A checkbox to render the contents visible 
would be very useful to catch typing mistakes. It is frustrating to be 
told five times that the two do not match. Not everyone can touch type a 
long sentence twice with no mistakes.

The security in concealing password entry is dubious anyway. It has 
value for protecting authentication passwords in places where someone 
may be looking over your shoulder. But would you be working with a 
highly sensitive document (that is worth protecting with AES) in such an 
environment? Its contents are as secret as the password used to protect 
it, and so it makes no sense to conceal the password from prying eyes, 
yet reveal the document.

Another issue with the Windows application is that it performs sanity 
checks in the wrong order. When you're encrypting or decrypting a 
document, first you must get through the password dialog. Only then are 
you told, oops, the destination file already exists and we must bail! 
There is no security benefit in this; it is just annoying behavior. Why 
ask for the password if the operation cannot possibly complete (unless 
someone deletes the file outside of the program)? Just bail right away: 
"We cannot do this operation because the destination file exists."

A useful behavior would be to have the option to rename the existing 
file, or to choose a different name for the newly created file. 
(Deletion should be deferred to the user, who should be using a secure 
shred program, at least for the plaintexts.)

Cheers ...
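
The check ordering suggested in the message above, as an added sketch that is not part of the original post and not AES Crypt's own code. The function names, the `on_conflict` option values and the placeholder "encryption" are assumptions made for illustration. The exclusive-create open covers the case where the destination appears or disappears while the user is typing.

```python
import os
import tempfile

def free_name(path):
    """Return 'name (n).ext' for the first n that is not taken."""
    root, ext = os.path.splitext(path)
    n = 1
    while os.path.exists(f"{root} ({n}){ext}"):
        n += 1
    return f"{root} ({n}){ext}"

def plan_output(dest, on_conflict="fail"):
    """Resolve the output path before any password prompt.
    on_conflict values are hypothetical: fail | rename_existing | new_name."""
    if not os.path.exists(dest):
        return dest
    if on_conflict == "rename_existing":
        os.rename(dest, free_name(dest))  # old file is kept; deletion is left to the user
        return dest
    if on_conflict == "new_name":
        return free_name(dest)
    raise FileExistsError(f"We cannot do this operation because {dest} exists.")

def run(dest, ask_password, transform, on_conflict="fail"):
    out = plan_output(dest, on_conflict)   # 1. cheap checks first
    password = ask_password()              # 2. prompt only when the job can proceed
    # 3. "xb" is an exclusive create: a file that appeared meanwhile is never overwritten
    with open(out, "xb") as f:
        f.write(transform(password))
    return out

def demo():
    """Constructed scenario: the destination already exists in a temp directory."""
    prompts = []
    ask = lambda: prompts.append(1) or "constructed passphrase"
    fake_encrypt = lambda pw: b"ciphertext placeholder"  # stand-in, not real AES
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "report.txt.aes")
        with open(dest, "wb") as f:
            f.write(b"old")
        try:
            run(dest, ask, fake_encrypt)
            failed_early = False
        except FileExistsError:
            failed_early = len(prompts) == 0   # bailed before prompting
        out = run(dest, ask, fake_encrypt, "new_name")
        with open(dest, "rb") as f:
            kept = f.read() == b"old"
        return failed_early, os.path.basename(out), kept, len(prompts)
```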




