Page 9 of 15 « First 78 9 1011 Last »
Reply
Thread Tools
pelago's Avatar
pelago is offline pelago
2010-01-18 , 13:55
Posts: 2,121 | Thanked: 1,540 times | Joined on Mar 2008 @ Oxford, UK
#81
Originally Posted by twaelti View Post
I can't believe the sheer arrogance of the ideologic "security folks", preaching supersecurity or none at all.
In practice, having weak security IS better than no security. In this case, at least having encoded passwords is still better than having plaintext. Becaus it at least prevents random/accidental password exposure. Otherwise we could pretty much also stop **** the password entry fields.
Read But surely something is better than nothing, right?
Last edited by pelago; 2010-01-18 at 17:10.
 

The Following 3 Users Say Thank You to pelago For This Useful Post:
Venomrush is offline Venomrush
2010-01-18 , 13:56
Posts: 891 | Thanked: 499 times | Joined on Nov 2009 @ UK
#82
Originally Posted by Rob1n View Post
As it no longer appears to be happening in PR1.1, I'm not surprised.
I'm running PR1.1
Still seeing the 'issue'
__________________
Follow me on Twitter
 
javispedro's Avatar
javispedro is offline javispedro
2010-01-18 , 13:57
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#83
Originally Posted by Venomrush View Post
Bug has been marked as INVALID
It IS invalid. It's been explained a hundred times why.

Now, if you file a feature request for something like "ability to set a master password to be introduced every time before logging in to any service", then it may make sense to encrypt the passwords with that master password.
 

The Following 4 Users Say Thank You to javispedro For This Useful Post:
ewan's Avatar
ewan is offline ewan
2010-01-18 , 13:59
Posts: 445 | Thanked: 572 times | Joined on Oct 2009 @ Oxford
#84
The bug is not invalid. It may be closed as WONTFIX because it's too hard, but the complaint is entirely true.
 
Rob1n is offline Rob1n
2010-01-18 , 14:01
Posts: 3,617 | Thanked: 2,412 times | Joined on Nov 2009 @ Cambridge, UK
#85
Originally Posted by Venomrush View Post
I'm running PR1.1
Still seeing the 'issue'
Have you deleted and recreated the accounts since upgrading to PR1.1?
 
SubCore's Avatar
SubCore is offline SubCore
2010-01-18 , 14:04
Posts: 850 | Thanked: 626 times | Joined on Sep 2009 @ Vienna, Austria
#86
FWIW:

i have 2 IM accounts on my N900: MSN (using butterfly) and the built-in skype.

i created the skype account only 2 days ago (with PR 1.1), the MSN account is older, created with PR1.0.
the MSN password is stored in plaintext in accounts.cfg, but skype's password is NOT stored there at all.

i'm gonna recreate the MSN account in the evening when i get home, maybe someone else can try sooner
__________________
"What we perceive is not nature itself, but nature exposed to our method of questioning."
-- Werner Karl Heisenberg
 
slender is offline slender
2010-01-18 , 14:05
Posts: 2,829 | Thanked: 1,459 times | Joined on Dec 2009 @ Finland
#87
Originally Posted by zwer View Post
The `mom` argument is even more ludicrous (specially for grownups that don't live in their moms basement :P) - your mom wouldn't know where to look for the said file. If she would, chances are that she knows how to base64/whatever-fully-reversible-algorithm-is-used decode it. And yes, she might find a site on the internet that shows where the said file is, but then again, if it were obfuscated there would be instructions how to deobfuscate it.
I know where to find it and i have no idea how to encrypt that kind of encyption. You probably have too high expections about fellow citzens or I´m just below you standard of average man. Prepare for dissapointmens with people and living in a world where all the other people seem to be a bit stupid Hey I just described world view of normal Linux "guru" :P
Last edited by slender; 2010-01-18 at 14:09.
 
joelus is offline joelus
2010-01-18 , 14:09
Posts: 49 | Thanked: 23 times | Joined on Oct 2009 @ Cape Town
#88
I don't think it's invalid at all. I would at least like the option of being asked for my password every time I log into a service rather than having it stored in plain text.
I mean once I'm logged in, I won't need to type it again until I disconnect or log out?
 
javispedro's Avatar
javispedro is offline javispedro
2010-01-18 , 14:13
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#89
Originally Posted by joelus View Post
I don't think it's invalid at all. I would at least like the option of being asked for my password every time I log into a service rather than having it stored in plain text.
And I think that's a valid feature request (in fact, it seems like the bug report mentioned on this thread has been converted to that).
 
slender is offline slender
2010-01-18 , 14:14
Posts: 2,829 | Thanked: 1,459 times | Joined on Dec 2009 @ Finland
#90
How you measure "false feeling of security"?

Do people behave carelessly when passwords are encrypted? Any studies about this?

I would be offended if someone said to me that I´m careless because I falsely think that I´m safe because of some non trivial encryption. Actually I would be really offended because that´s basically saying "You are a bit stupid ain´t you?"
 

The Following User Says Thank You to slender For This Useful Post:
Reply
Page 9 of 15 « First 78 9 1011 Last »

Tags
conversations, debate, email, fremantle, instant message, instant messaging, maemo, maemo 5, modest, password, passwords, plain text, security, telepathy

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 11:25.

Contact Us - Home - Archive - Top