For example, if you have various passwords, lock combinations, private
keys or PIN numbers, then
it can be easy to forget them.
gnudatasafe tackles this problem, by allowing each user on a system
to have a file that stores all
these items of information, all encrypted, and protected by a single password.
A user can access a particular piece of stored information (such as
a password to a remote system)
by requesting it from gnudatasafe.
All information is 'named' so that only the named information is returned to the user.
This reduces the risk of someone looking over your shoulder from obtaining all information that is
stored - only one piece of information is potentially compromised at this point.
This offers increased security over a system that uses proprietory (and
gnudatasafe locks all potentially sensitive memory locations so that
no data is written to disk when
the process swaps out.
This means that unencrypted data is not left on disk by gnudatasafe
gnudatasafe uses a console to communicate with the user.
This means that someone executing a 'ps -ef' will not be able to see
command line arguments
(such as passwords!). In fact, gnudatasafe does not accept any command line arguments at all.