Messages

A developer should always leave and option to change a behaviour.  Otherwise the application will appeal only to the lowest common denominator of users (which, unfortunately is the majority).  This aspect of majority rule in a democracy, while not addressing the needs of the monority, is the reason the founders of the U.S. declared the nation a Republic rather than a democracy.

Secondly, if the goal of the developer is to enchance privacy in the Mac experience, the answer to the finder question becomes self-evident.

Now that Lion will have Whole Disk Encryption, I can forget about getting involved with symantec (pgp).  But, as Joe Kissel writes in his epic work "Mac Security Bible",  it's best to have dual layer encryption:  layer 1, WDE; layer 2, individual file and folder encryption using encrypted disk images or containers.  I know I bought an 'Espionage' license for something.  But let's get something straight.  I need to know what traces your app leaves on the hard disk OR on RAM.  From a forensic point of view.  Any retrievable strings of password, keys, personal info, history, or text in cache files, database, virtual memory, hard memory, var, temp, app support, any library, or for that matter, any other place I haven't mentioned?

If wer'e going to do privacy, let's do it all the way.  Full disclosure of the above would be appreciated, or at least a statement that you are not able to disclose certain of the above items (though you realize that falling back on 'proprietory' is looked at negatively by the privacy community.

Also, are you considering implementing a blowfish or two-fish cypher?

Last question:  You have mentioned disconnecting from dependence on keychain.  I need a time-frame for that.  By the way, what is the nature of 'Espionage's dependence on keychain access?

Your indulgence is appreciated.

You've mentioned in a previous post and in an email to me that you were planning to use another method of secure access.
I am waiting to install Espionage until this occurs.  I know TrueCrypt doesn't rely on keychain access, for example.

Have you made progress in this endeaver and could you give me a resonable time estimate for incorporation into an update?