Thread: IM, Email Passwords Are Stored as Plain Text
feydrutha
2010-01-18, 13:11
Posts: 68 | Thanked: 36 times | Joined on Dec 2009
#60
Originally Posted by GameboyRMH:
Seriously, it's about 3 more lines of code to encrypt it!
It's maybe 1 line of code to encrypt it, but where do you keep the encryption/decryption key? If it is also sitting unencrypted on the device, you might as well leave the whole thing in plain text as it makes 0 difference in terms of real security. Encryption is not some kind of magic that only lets good guys access stuff.
To provide real security you would have to ask the user for a passphrase to decrypt the password file... either every time the password needs to be used (highly impractical) or the first time, and then cache it for a certain amount of time or until reboot. This is what ssh-agent does for ssh key decryption passphrases.
A general solution offering a compromise between security and practicality would be to store this type of information in plain text, but inside an encrypted partition that is mounted at startup (after the user provides a passphrase). This is what I do on my Ubuntu PC, using ecryptfs. Not sure how easy it would be to port something like this to Maemo. My guess: not so easy ;-)
Paolo
The Following 5 Users Say Thank You to feydrutha For This Useful Post: frals, Jaffa, pelago, R-R, sjgadsby
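The passphrase-plus-cache approach described in the post above, as an added example that is not part of the original post: the key is derived from a user passphrase, never written to disk, and held in memory only until a timeout, in the way ssh-agent holds an unlocked key. The names `seal`, `unseal`, `Agent` and `ttl` are hypothetical, and the HMAC-SHA256 keystream is a standard-library stand-in for a real AEAD cipher.

```python
import hashlib, hmac, os, time

# Illustration only: HMAC-SHA256 in counter mode stands in for a vetted AEAD
# (AES-GCM or ChaCha20-Poly1305 from a maintained library) to stay stdlib-only.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def derive_key(passphrase, salt):
    # The key is recomputed from the passphrase; it is never stored on the device.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)

def seal(passphrase, secret):
    salt, nonce = os.urandom(16), os.urandom(16)
    k = derive_key(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(k[:32], nonce, len(secret))))
    tag = hmac.new(k[32:], nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct  # the only thing written to disk

def unseal(k, blob):
    nonce, tag, ct = blob[16:32], blob[32:64], blob[64:]
    expected = hmac.new(k[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered file")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k[:32], nonce, len(ct))))

class Agent:
    """Caches the derived key in memory for ttl seconds, then forgets it."""
    def __init__(self, ttl, clock=time.monotonic):
        self.ttl, self.clock, self._key, self._expires = ttl, clock, None, 0.0

    def unlock(self, passphrase, blob):
        k = derive_key(passphrase, blob[:16])
        unseal(k, blob)  # verify the passphrase before caching anything
        self._key, self._expires = k, self.clock() + self.ttl

    def get(self, blob):
        if self._key is None or self.clock() >= self._expires:
            self._key = None  # drop the key once the window has passed
            raise PermissionError("locked: passphrase required")
        return unseal(self._key, blob)

if __name__ == "__main__":
    blob = seal("constructed passphrase", b"constructed-imap-password")
    agent = Agent(ttl=300)
    agent.unlock("constructed passphrase", blob)
    print(agent.get(blob))
```

Someone who copies only the stored blob still has to guess the passphrase; a process that can read the agent's memory while it is unlocked does not.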