#1095 Better protection of saved passwords

Unassigned
open
nobody
None
5
2014-08-14
2013-04-11
Chris Russell
No

The fact that Mumble supports passwords is fantastic. It provides a means for users to log on from different clients without the need for exporting/importing their certificate file.

However, I noticed that the passwords are stored in clear text on the client. Coupled with the fact that the client always saves the password, this creates a situation where user passwords are readily available to anybody who has access to the client computer or data. Whereas access to a Mumble account does not expose any sensitive information, password re-use is a common occurrence.

Feature request:

A. Encrypted storage of passwords

B. A "save password" option which defaults to "no".

Discussion

  • Stefan H., 2013-05-15

    I've seen the pull request. I doubt I'll have time to take a look before the weekend though. Thanks a lot for the contribution.

  • Jelan, 2013-05-24

    Friendly reminder when you get the chance to look at the pull request :)
    Thanks in advance and have a nice day !

  • Jelan, 2013-06-03

    Hi Stefan, any luck reviewing the PR ? Thx !

  • Jelan, 2013-06-16

    Any news ? It's been a month now that I submitted the PR....

  • Jelan, 2013-06-16

    And it looks like we have now missed the 1.2.4 stable.... Geez

  • Stefan H., 2013-06-16

    1.2.4 was frozen before this issue was opened. I currently don't have much spare time but I haven't forgotten this issue. Either I or one of the others will also review your patch. Sorry for the delays.

  • Jelan, 2013-06-19

    Thanks for the reply Stefan. I had no idea the 1.2.4 was frozen already... Damn....

    Is there any chance to have some intermediate releases ? If i look at the release timeline for the past releases, it does not look like we can expect the 1.2.5 anytime soon :(

  • Jelan, 2013-09-06

    Guys we are now in September and I have yet to hear back from you on this simple PR... A feedback would be appreciated.

    https://github.com/mumble-voip/mumble/pull/159

    Last edit: Jelan 2013-09-06
  • Mikkel Krautz, 2013-09-06

    Hi Jelan,

    I'm sorry, but everyone on the dev team is pretty busy at the moment, with practically no spare time to work on Mumble.

    We're unhappy about the current pull request situation. Many of them have lingered longer than your pull request. It's an unfortunate situation.

    Regarding the PR: I haven't followed the discussion closely, but what follows is a brain dump from me on the matter. I'd like Stefan to also respond, as he has been looking more closely at this issue.

    I'd like to start off with saying that the idea of having this be a config option on the server seems OK to me. However, I have the three points below that I'd like to raise:

    1) Confusion

    Given this feature in its current form, as a user, I would be immensely confused as to why I'd have to enter the password for the server every time I connected, if I did not know of the feature. As someone who knows Mumble, I'd be wondering whether my client DB was broken - or something along those lines. My current thinking is that this should be handled via appropriate UI, but I'm not sure how that would look. And I'm not sure it's worth worrying about, in the grand scheme of things.

    2) Client compatibility

    Old clients will not obey the rule. We are not very forceful about updating user's Mumble clients, so we often see people using old versions of the software in the wild. This is obviously not something that's preferable for a variety of reasons, but it's the current state of things.

    The allowsavepassword option is obviously more of a suggestion to the client rather than a rule. While we can make the latest version of the standard Mumble client follow this suggestion, you'd also have to get other Mumble-compatible clients to adopt the allowsavepassword suggestion to ensure its effectiveness.

    3) Effectiveness

    It's possible to connect to servers by adding them in the favourite server list. In there, it's also possible to input passwords (which will also, at present, be stored in the clear in the SQLite DB). The UI tries very hard not to show the password field in there, but it's definitely possible to store a favourite server with a password if you really, really want to.

    Also, not all clients are as password unfriendly in their standard UI as the desktop Mumble client. The iOS client, for example, always shows the password field in the favourite server UI.

    The effectiveness of the allowsavepassword suggestion is debatable, if many users deliberately choose to store their password on their computer before even connecting to the server.

    As mentioned earlier, the above points are just a quick brain dump from me to get my opinion out there on the issue.

    Last edit: Mikkel Krautz 2013-09-06
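The effectiveness point above (a favourite saved by hand before any connection already has its password on disk, so a server-side allowsavepassword hint arrives too late) can be illustrated with a small model. This is an added example, not Mumble's code; the `servers` table, the `should_persist_password` rule and the `allowsavepassword` hint values are assumptions constructed for the demonstration.

```python
import sqlite3
from typing import Optional

# Constructed schema for illustration only; not Mumble's real client DB layout.
SCHEMA = """
CREATE TABLE servers (
    host TEXT NOT NULL,
    username TEXT NOT NULL,
    password TEXT,                -- stored in the clear, as the ticket describes
    PRIMARY KEY (host, username)
)
"""

def open_client_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def should_persist_password(server_allows: Optional[bool], user_wants_save: bool) -> bool:
    """Decide whether the client writes the password to disk.

    server_allows is the hypothetical 'allowsavepassword' hint from the server,
    or None when the client has never connected (a favourite added by hand).
    A hint that was never received cannot forbid anything, so only an explicit
    False blocks saving; the user's own 'save password' choice is always required.
    """
    if not user_wants_save:
        return False
    return server_allows is not False

def save_favourite(db, host, username, password, server_allows, user_wants_save) -> bool:
    """Store the favourite; return True if the password itself was written."""
    stored = password if should_persist_password(server_allows, user_wants_save) else None
    db.execute("INSERT OR REPLACE INTO servers VALUES (?, ?, ?)", (host, username, stored))
    return stored is not None

def audit_cleartext_passwords(db) -> list:
    """Return (host, username) for every row still holding a clear-text password."""
    rows = db.execute(
        "SELECT host, username FROM servers WHERE password IS NOT NULL ORDER BY host"
    ).fetchall()
    return [tuple(r) for r in rows]

def demo() -> list:
    db = open_client_db()
    # Favourite added before any connection: no server hint exists yet, so it is saved.
    save_favourite(db, "voice.example.test", "alice", "hunter2", None, True)
    # Server that sent allowsavepassword=false, honoured by an up-to-date client.
    save_favourite(db, "strict.example.test", "alice", "s3cret", False, True)
    # User declined to save: nothing is written regardless of the server.
    save_favourite(db, "other.example.test", "alice", "pw", True, False)
    return audit_cleartext_passwords(db)
```

Running `demo()` leaves exactly the hand-added favourite with a clear-text password, which is the gap an old or non-standard client would leave even if the hint were honoured.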
  • leovino, 2013-11-07

    Is there an update for the second feature request (B. A "save password" option which defaults to "no".)?

    Has this been considered: https://github.com/mumble-voip/mumble/pull/159 ?

    Doesn't need to default to 'no' imo, but the option not to save the password should be a standard functionality imo. Would be great if it could be delivered soon. Shouldn't be much trouble, right?

    Alternatively, could you provide a pointer on how to fix it myself?

    Last edit: leovino 2013-11-07