Ok, so I have come to the realization that my memory isn’t quite what it used to be. My wife came to this realization a decade ago, but that is a topic for another day and another blog for that matter. I used to have an uncanny knack for storage and retrieval of both professional and personal data using just my brain.

I am basing this perceived waning of my data storage and retrieval capabilities on the fact that I find myself clicking “Forgot Password” or “Forgot Username” more often. I don’t think that I have a data capacity issue, but you never know. To combat this, I’ve enacted a “No Data Left Behind” policy. This means that, provided there is a Linux or Windows PC available, I will always have access to all the data (URLs, login credentials, account numbers, etc.) that I can no longer seem to store and retrieve efficiently using just my brain. The additional value proposition of storing images of important documents and receipts will come in handy as well. Oh yeah, the biggest win for me is that all the data is portable and searchable. It really is amazing that I will get all of this on a simple USB flash drive– essentially “my life on a stick”.

Now I could keep things simple and use TrueCrypt and flat files, but I decided to use the freely available Apache Derby and the security that it provides as my digital wallet instead. By the way, a new release of TrueCrypt is due out next week and will include Windows system partition encryption with pre-boot authentication, a Mac OS X version, a Linux GUI, etc. In addition to maintaining a data store that is forensically limiting, I also have some concern with the mean time to failure of my USB flash drive. This is something that I have not quantified/qualified but have read that read-write cycles run as high as 100,000 for better quality drives, and as low as 25,000 read-write cycles for the cheap ones. I have also ignored thinking about drive transfer speeds, and focused more on the total storage size of the flash drives that I have purchased. It may be prudent to carry redundant flash drives.

My digital wallet data security is job one. In addition to the typical user authentication database access restrictions, Apache Derby provides complete encryption of on-disk data. Everything is encrypted: tables, indexes, transaction log, table data, temporary files, system metadata, and so forth. Out of the box encryption strength is 56-bit DES but this is easily switched to another encryption algorithm. I do plan on periodically verifying/validating physical data file security with FTK Imager Lite and WinHex, or some other combination of cyber forensics tools. Come to think about it, the default 56-bit DES is probably enough considering that I regularly entrust waitrons with my credit card information, and retail staff with my driver’s license information for check verification purposes.

Apache Derby is a fully functional RDBMS written entirely in Java. It runs in any JVM (version 1.4 higher). For now, I plan on using the Apache Derby ij JDBC application with Linux and Windows scripting to manage my digital wallet data. I may also incorporate the use of the SQuirrel SQL universal client. I haven’t had issues with either on my openSUSE or Windows PCs. In my next post, we’ll explore this project further.