Menu

Main Menu
Talk Get Daily Search

Member's Online

    User Name
    Password

    IM, Email Passwords Are Stored as Plain Text

    Reply
    Page 5 of 15 | Prev |   3     4   5   6     7   | Next | Last
    therock | # 41 | 2010-01-18, 12:43 | Report

    i have the PR1.1 fw installed and i had plain password in that file too

    but i removed all the IM services and added them again and took a backup and the password does not show up anymore in that file... hmm

    Edit | Forward | Quote | Quick Reply | Thanks

     
    NvyUs | # 42 | 2010-01-18, 12:45 | Report

    there's too many stupid excuses coming up in this thread, if it was apple iphone it would already be on the lunch time news about it.
    there is no other device in my possession what allows the exploit of passwords via a simple type of few words in a web browser and saying dont let it out your hands is not a solution. How is easy would it be for family and friends to spy on each other and yes it does happens amongst insecure people..
    lastly how easy would it be for someone to code something to feed that data to a server?

    Edit | Forward | Quote | Quick Reply | Thanks

     
    GameboyRMH | # 43 | 2010-01-18, 12:49 | Report

    Storing passwords in plaintext EVER =



    Seriously, it's about 3 more lines of code to encrypt it!

    Edit | Forward | Quote | Quick Reply | Thanks

    Last edited by GameboyRMH; 2010-01-18 at 12:51.

     
    hqh | # 44 | 2010-01-18, 12:54 | Report

    Originally Posted by NvyUs View Post
    there is no other device in my possession what allows the exploit of passwords via a simple type of few words in a web browser and saying dont let it out your hands is not a solution. How is easy would it be for family and friends to spy on each other and yes it does happens amongst insecure people..
    lastly how easy would it be for someone to code something to feed that data to a server?
    Like already mentioned, providing a false sense of security through obscuring the passwords would do no good either. They would still be easily accessible by determined "friends"/family members and malicious programs.

    Edit | Forward | Quote | Quick Reply | Thanks
    The Following User Says Thank You to hqh For This Useful Post:
    frals

     
    reviver | # 45 | 2010-01-18, 12:57 | Report

    Originally Posted by GameboyRMH View Post
    Seriously, it's about 3 more lines of code to encrypt it!
    Funny thing is we probably wouldn't even be having this conversation if Nokia had done ROT-13 on those.

    On the other hand somebody might now be thinking their passwords are safe.

    Edit | Forward | Quote | Quick Reply | Thanks
    The Following 6 Users Say Thank You to reviver For This Useful Post:
    Andre Klapper, floffe, frals, Jaffa, pelago, sjgadsby

     
    Stskeeps | # 46 | 2010-01-18, 12:57 | Report

    Originally Posted by GameboyRMH View Post
    Storing passwords in plaintext EVER =



    Seriously, it's about 3 more lines of code to encrypt it!
    Bring it on, show us I'm willing to bet that we will be able to dissect anything you come up with due to the physical access to device.

    Edit | Forward | Quote | Quick Reply | Thanks
    The Following 5 Users Say Thank You to Stskeeps For This Useful Post:
    Andre Klapper, frals, lma, sjgadsby, tekojo

     
    NvyUs | # 47 | 2010-01-18, 12:57 | Report

    but why leave the door open to even make it easy for non tech minded people

    Edit | Forward | Quote | Quick Reply | Thanks

     
    SubCore | # 48 | 2010-01-18, 12:58 | Report

    you know, if you go to "file:///home/user/.ssh/id_rsa", you can see the PRIVATE key file of the N900's user! omg!

    seriously, i bet the iPhone and android do the same basically, the exact location might be a bit more obscure, but it certainly isn't "encrypted" there, either.

    saving as a hashed string might be enough to soothe concerns here, and should be fairly easy to implement.

    Edit | Forward | Quote | Quick Reply | Thanks
    The Following User Says Thank You to SubCore For This Useful Post:
    R-R

     
    ruskie | # 49 | 2010-01-18, 13:01 | Report

    You are aware that the private key is usually encrypted as well

    And it can be any other name Hell it could be anywhere else at that
    A salted md5 hash would probably more or less avoid many of the concerns.

    Edit | Forward | Quote | Quick Reply | Thanks

     
    Stskeeps | # 50 | 2010-01-18, 13:02 | Report

    Originally Posted by ruskie View Post
    You are aware that the private key is usually encrypted as well

    And it can be any other name Hell it could be anywhere else at that
    A salted md5 hash would probably more or less avoid many of the concerns.
    A salted MD5 hash won't help you autologin to your favourite IM.

    Edit | Forward | Quote | Quick Reply | Thanks
    The Following 8 Users Say Thank You to Stskeeps For This Useful Post:
    Andre Klapper, frals, garagumu, GeneralAntilles, Jaffa, pelago, qwerty12, sjgadsby

     
    Page 5 of 15 | Prev |   3     4   5   6     7   | Next | Last
vBulletin® Version 3.8.8
Normal Logout