Monday 13 February 2012

Storing passwords

The list of accounts I have for various websites/subscriptions/applications is large, and constantly growing. Having a lot of accounts means having a lot of user names and passwords. A couple of problems arise out of this situation.

First, people are tempted to use a memorable password. This is generally a bad idea. If your password is memorable then it is likely to have low entropy, i.e. it is more guessable. If your password is really strong and consists of truly random characters, then it isn't memorable. Because it is so strong, people may be tempted to use it for more than one account, which leads to the second problem.

Second, people memorise a really good password, then reuse it for several accounts. This is bad because if you reuse your password then you are at the mercy of the website that holds your account. You don't know what that website is doing with it behind the scenes. They may misuse it or leak it.

Choosing a password based on something that only you know often doesn't help, because it isn't hard to find out information about someone from Facebook, LinkedIn etc. You're also going to struggle, realistically, to come up with many different passwords based on different things only you know. Those bits of information can change pretty regularly too. The answer is to use some sort of password manager: a tool that can securely store information about your accounts. Of course this raises the question of whether you trust your password manager. What if it misuses or leaks your details?

Being a programmer, and somewhat paranoid, I obviously wrote my own solution. It's a simple application that encrypts text to a file on disk. It can also read a file, decrypt it and display the plaintext. You can see the source on my github page. The application is really simple. When reading or writing a file it uses AES-256 encryption, with the key being a SHA-256 hash of a password. Now all you need is one single strong password.

How do I use it?
Create a new empty file. The file extension doesn't matter, but .vault makes it easy to remember what the file is.

Run the application. You'll get a file dialog. Open the file you just created.

You will be prompted to enter a password to decrypt the contents of the file. As the file is empty, this doesn't matter; just press OK.

You'll see the contents of the file, which will be empty. Enter some secret information and choose Save from the file menu.

You'll be prompted for a password. Choose a good, strong, memorable password. The application will use this to encrypt the contents of the file to disk.
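The scheme described above (AES-256 keyed with the SHA-256 of the single master password), as an added Go example that is not the post's own code. The mode (AES-GCM with a random nonce stored in front of the ciphertext) and the treatment of a zero-length vault file as an empty vault that opens with any password are assumptions, chosen to match the how-to steps.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"io"
)

// newGCM builds AES-256-GCM from the master password: key = SHA-256(password),
// as the post describes. (A slow KDF such as scrypt would better resist offline guessing.)
func newGCM(password string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte(password)) // 32 bytes = AES-256 key
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // GCM is an assumption; the post only says AES-256
}

// encryptVault returns nonce || ciphertext || tag, with a fresh random nonce
// each time so saving the same text twice never repeats a keystream.
func encryptVault(password string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(password)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptVault reverses encryptVault. A zero-length file is the "new empty file"
// from the how-to and opens with any password; otherwise a wrong password fails
// the GCM tag check and returns an error rather than garbage plaintext.
func decryptVault(password string, data []byte) ([]byte, error) {
	if len(data) == 0 {
		return []byte{}, nil
	}
	gcm, err := newGCM(password)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(data) < n {
		return nil, errors.New("vault file too short to hold a nonce")
	}
	return gcm.Open(nil, data[:n], data[n:], nil)
}
```

Reading and writing the .vault file itself is just os.ReadFile/os.WriteFile around these two functions.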

Tuesday 7 February 2012

Managing photos

One thing that's been on my mind recently is the problem of managing the ever-growing number of digital photos I accumulate. This was on my mind again because I've just bought a new laptop. This means I'll probably use my old laptop less, but that laptop has hundreds of photos on it, and I don't want to lose/forget about them. The problem is wider than that; I've also got photos on my phone, PC and some old hard disks sitting in a box in my office.

Now I know there are solutions to this already, and the cloud is the big thing at the moment. Why not transfer all my photos to some cloud storage solution? If I had an iPhone (which I don't) it could even automatically store photos in iCloud for me. Well, I have a couple of problems with that. Firstly, I want something really simple, and not tied to any particular vendor (bye bye Apple!). I also don't want to rely on anyone else. I don't want my photos to be dependent on my internet connection.

It seems the best solution for me is to keep a master copy of all my photos somewhere I can easily access it (e.g. my new laptop), and keep a backup copy too, just in case. The backup copy can just sit on an external hard disk, which I keep safe. A decent fireproof box in the garage should do it. I can't think of many situations where I'd lose both copies.

Of course I need some way of synchronising files between my various sources and my laptop, and also a way of backing up files to my external disk. Being a software developer, I obviously wrote my own sync program.