On Thu, Apr 29, 2004 at 01:53:13PM -0400, Luke Schierer wrote:
> except that gnome-keyring would not be good for our kde users, our
> macosx users, the people who have no particular environment, the win32
> users, so on and so forth.
> the best choice would be not to encrypt the passwords and let you all
> use your brains to store them.
I've got to agree with this part - I think that if you're concerned
about the security of your system and your files, then you shouldn't be
using the "Store password" feature at all. Enter the password every
time you sign in, and this way, your password (assuming it's not subject
to easy brute force attacks) will remain under the lock and key of your
Regarding a first-time dialog that warns users about this form of
insecurity, I go two ways on the matter:
1. It's a Good Thing (TM), as users should be made aware of the matter
2. Security through obscurity - do we really need to tip kiddies off
about this - it might make a non-obvious 'hack' blatantly clear to them,
leaving people who otherwise don't care about point #1 susceptible to
password theft. Following this line of thought, I almost lean towards
Luke's later response of "eliminate stored passwords."
e.g. [I'm bored, and just finished an easy final, so I'll let my mind
run with a little computing drama]
-Jim Smith uses Gaim.
-He's using Windows XP Home, and has no password on his desktop account
-He clicks "Store Password," and reads a dialog box "Warning: Choosing
to store your password will make it readable by others who have access
to your files."
-He thinks nothing of this, as he clicks through the "Okay" box to
install KaZaA on his computer, along with WeatherBug, and that evil
Gator calendar thingy.
-Jim's little brother, Matt, logs onto his desktop, and decides to use
Gaim. He sees the same dialog box, and probably reads the subsequent
documentation on the Gaim website. "Oooh," thinks Matt, with
mischievous grin..."I would never have thought about that - kewl! [sic]"
-Matt logs onto Jim's [very secure] desktop, and opens up c:\documents
and settings\jim smith\application data\.gaim\accounts.xml file.
-Matt then logs onto Jim's accounts, and using the plaintext passwords,
changes his passwords to whatever he wishes, and doesn't bother to save
W.r.t. one way hashes - don't some protocols use hashes when transmitting
passwords? I use YoSucker to download my Yahoo! mail, and the first
thing it requires when setting up the configuration is that you run
"EncPassword," which generates that hash used in secure Yahoo! auth.
logins. You are then to put this hash in your ~/.yosucker/ config
files, and they will be used to log in. As far as I can imagine, I
don't believe such a hash could be used to change passwords - only to
gain access to an account. Therefore, the malicious factor is reduced,
with the revelation of the password nearly impossible (except via
hard-core cracking). This doesn't stop DoS attacks to someone's
account, or impersonation (as Luke's readme says - just copy the value
from the accounts.xml file into your own), but it's a hair better. Of
course, this is only applicable for a few protocols, so it's pretty much
I think that if one is sufficiently paranoid, but for some inane reason
wants their password stored, a password managing plugin should be
written and used. Integrating such functionality into Gaim is
problematic and counterproductive. Perhaps an SSH key agent could be
used for authentication to the keychain, that might work as a cross-platform
unlocking method (ssh-agent under *nix, OS X, and possibly Cygwin, and more
so, Pageant under Windows).
And so ends a caffeine-expressed mini-rant...
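As an added illustration of the two on-disk options weighed in the mail above (not code from the original message, from Gaim, or from Yahoo!/YoSucker), here is a small Python model: a toy service that accepts a one-way login token (standing in for the "EncPassword" value) for login but demands the real password before changing it. The service, the fixed hash prefix, the sample password and the word list are all constructed assumptions for the model, not the real protocol.

```python
"""Toy model: plaintext password on disk versus one-way login token on disk.

Constructed for illustration only. ToyService, the SALT prefix, the user
"jim" and the sample passwords are assumptions of this model, not Gaim's,
Yahoo!'s or YoSucker's real protocol or file formats.
"""
import hashlib
import hmac
from typing import Optional

# Hypothetical fixed protocol constant mixed into the token (assumption).
SALT = b"toy-protocol-constant:"


def auth_hash(password: str) -> str:
    """One-way login token derived from the password (stands in for EncPassword)."""
    return hashlib.sha256(SALT + password.encode()).hexdigest()


class ToyService:
    """Server side: stores the login token, accepts the token for login,
    but requires the real password before a password change."""

    def __init__(self) -> None:
        self._tokens: dict[str, str] = {}

    def register(self, user: str, password: str) -> None:
        self._tokens[user] = auth_hash(password)

    def login(self, user: str, token: str) -> bool:
        stored = self._tokens.get(user)
        return stored is not None and hmac.compare_digest(stored, token)

    def change_password(self, user: str, old_password: str, new_password: str) -> bool:
        stored = self._tokens.get(user)
        if stored is None or not hmac.compare_digest(stored, auth_hash(old_password)):
            return False
        self._tokens[user] = auth_hash(new_password)
        return True


def crack(token: str, candidates: list[str]) -> Optional[str]:
    """Offline dictionary attack on a stolen token; only weak passwords fall."""
    for word in candidates:
        if hmac.compare_digest(auth_hash(word), token):
            return word
    return None


def attacker_with_plaintext_config(service: ToyService, user: str, stored_password: str):
    """'Matt' reads a plaintext password out of the config file."""
    can_login = service.login(user, auth_hash(stored_password))
    can_change = service.change_password(user, stored_password, "matt-owns-this")
    return can_login, can_change


def attacker_with_hashed_config(service: ToyService, user: str, stored_token: str):
    """'Matt' copies the one-way token from the config file into his own."""
    can_login = service.login(user, stored_token)  # impersonation still works
    can_change = service.change_password(user, stored_token, "matt-owns-this")
    return can_login, can_change


def run_scenarios() -> dict:
    """Run both storage scenarios against fresh services; returns the outcomes."""
    results = {}

    # Scenario 1: the plaintext password sits on disk (constructed value).
    svc = ToyService()
    svc.register("jim", "hunter2")
    results["plaintext"] = attacker_with_plaintext_config(svc, "jim", "hunter2")

    # Scenario 2: only the one-way token sits on disk.
    svc = ToyService()
    svc.register("jim", "hunter2")
    token = auth_hash("hunter2")
    results["hashed"] = attacker_with_hashed_config(svc, "jim", token)

    # The token leaks the password only to cracking, and only if it is weak.
    wordlist = ["password", "letmein", "hunter2"]
    results["cracked_weak"] = crack(token, wordlist)
    results["cracked_strong"] = crack(auth_hash("c7Qx!9vLp#2rZ"), wordlist)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

With the plaintext file the attacker gets (login, change) = (True, True); with the token file he still logs in (the replay the mail calls impersonation) but the change fails, and the password itself only falls to a dictionary run when it is weak.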