IM, Email Passwords Are Stored as Plain Text - Page 9 - maemo.org

pelago | # 81 | 2010-01-18, 13:55 | Report

Originally Posted by twaelti View Post

I can't believe the sheer arrogance of the ideologic "security folks", preaching supersecurity or none at all.
In practice, having weak security IS better than no security. In this case, at least having encoded passwords is still better than having plaintext. Becaus it at least prevents random/accidental password exposure. Otherwise we could pretty much also stop **** the password entry fields.

Read But surely something is better than nothing, right?

Last edited by pelago; 2010-01-18 at 17:10.

The Following 3 Users Say Thank You to pelago For This Useful Post:
frals, GeneralAntilles, javispedro

Venomrush | # 82 | 2010-01-18, 13:56 | Report

Originally Posted by Rob1n View Post

As it no longer appears to be happening in PR1.1, I'm not surprised.

I'm running PR1.1
Still seeing the 'issue'

javispedro | # 83 | 2010-01-18, 13:57 | Report

Originally Posted by Venomrush View Post

Bug has been marked as INVALID

It IS invalid. It's been explained a hundred times why.

Now, if you file a feature request for something like "ability to set a master password to be introduced every time before logging in to any service", then it may make sense to encrypt the passwords with that master password.

The Following 4 Users Say Thank You to javispedro For This Useful Post:
frals, GeneralAntilles, hqh, sjgadsby

ewan | # 84 | 2010-01-18, 13:59 | Report

The bug is not invalid. It may be closed as WONTFIX because it's too hard, but the complaint is entirely true.

Rob1n | # 85 | 2010-01-18, 14:01 | Report

Originally Posted by Venomrush View Post

I'm running PR1.1
Still seeing the 'issue'

Have you deleted and recreated the accounts since upgrading to PR1.1?

SubCore | # 86 | 2010-01-18, 14:04 | Report

FWIW:

i have 2 IM accounts on my N900: MSN (using butterfly) and the built-in skype.

i created the skype account only 2 days ago (with PR 1.1), the MSN account is older, created with PR1.0.
the MSN password is stored in plaintext in accounts.cfg, but skype's password is NOT stored there at all.

i'm gonna recreate the MSN account in the evening when i get home, maybe someone else can try sooner

slender | # 87 | 2010-01-18, 14:05 | Report

Originally Posted by zwer View Post

The `mom` argument is even more ludicrous (specially for grownups that don't live in their moms basement :P) - your mom wouldn't know where to look for the said file. If she would, chances are that she knows how to base64/whatever-fully-reversible-algorithm-is-used decode it. And yes, she might find a site on the internet that shows where the said file is, but then again, if it were obfuscated there would be instructions how to deobfuscate it.

I know where to find it and i have no idea how to encrypt that kind of encyption. You probably have too high expections about fellow citzens or I´m just below you standard of average man. Prepare for dissapointmens with people and living in a world where all the other people seem to be a bit stupid

Hey I just described world view of normal Linux "guru" :P

Last edited by slender; 2010-01-18 at 14:09.

joelus | # 88 | 2010-01-18, 14:09 | Report

I don't think it's invalid at all. I would at least like the option of being asked for my password every time I log into a service rather than having it stored in plain text.
I mean once I'm logged in, I won't need to type it again until I disconnect or log out?

javispedro | # 89 | 2010-01-18, 14:13 | Report

Originally Posted by joelus View Post

I don't think it's invalid at all. I would at least like the option of being asked for my password every time I log into a service rather than having it stored in plain text.

And I think that's a valid feature request (in fact, it seems like the bug report mentioned on this thread has been converted to that).

slender | # 90 | 2010-01-18, 14:14 | Report

How you measure "false feeling of security"?

Do people behave carelessly when passwords are encrypted? Any studies about this?

I would be offended if someone said to me that I´m careless because I falsely think that I´m safe because of some non trivial encryption. Actually I would be really offended because that´s basically saying "You are a bit stupid ain´t you?"

The Following User Says Thank You to slender For This Useful Post:
BlackDiamond