I've looked through the various threads on password security here, and I have a question about the password storage which I couldn't see an existing answer for.
If all the protocols use some form of password hashing rather than sending the password in the clear, then why doesn't Gaim store the password hash in the settings file, rather than the password itself?
It would seem like a good idea; Gaim would have to do less work, since it wouldn't have to calculate the hashes every time it needed them. Although you wouldn't be able to read your passwords from the file if you forgot them, you're not expected to be able to do that. At least, not with any other programme I know of which saves your password.
How difficult is it to add that functionality? I'm not really familiar with the GTK/Gaim architecture. Would a plug-in be possible? Or would a branch/patch be required?
First off, not all of the protocols use a hash of the password.
Second, even if they did, if all they expected was for you to send the hashed password over the wire, you would in essence just be using that hash as your password instead of your original password (which means you would be storing your password in plain text in the file anyway). Hashed passwords generally include a run-time selected seed so that you aren't just storing some generated password and using that.
I don't believe a plugin could do something like this at the moment, though with some changes to Gaim it almost certainly could. And such changes would likely also allow storing passwords in the gnome-keyring or other such places. I know there was a patch for the gnome-keyring business at one point but I don't know anything about it.
(which means you would be storing your password in plain text in the file anyway)
Hmm... No, you'd be storing the hash of the plain text password, and reusing it every time it is required. No plain text passwords would be necessary.
However, you say that the hashes change every time for the protocols? That would make it useless.
I'm talking in generalities, because if only one protocol uses altering hashes then it's still a good idea. That different protocols use different hashing techniques is largely irrelevant, because you just store whatever the transmitted password is for each protocol. But if all of them use some sort of handshake to change the encoding of the hash each time, then you obviously can't store the hashes.
Thanks!
If the token you need to present to the server is the hash (which you have stored in the accounts.xml file) then that hash *is* your password, in the same way the current 'normal' password is your password. It is the literal string that a person would need to steal in order to log in as you.
Think about this: what if, right now, whenever you needed to create a new password, you ran a hash over it first and then used that? Would your resulting accounts.xml look any different than if Gaim did the hashing of your 'normal' password and then stored it?
And of course the hash changes all the time or it wouldn't secure anything. Anyone listening on the network would get *exactly* what they need to log in as you, which no matter which way you slice it *is* your password.
I'm not claiming that it's more secure, or that it can't be used to log on as you. I'm saying it's not your password in plain text. So someone can't just read your password from the file and remember it, they have to steal the file from the PC. You can argue there is very little in the differing degrees of security provided, but my only question really was that if you have to generate the same hash every time then why not just store the hash and remove Gaim from the debate.
I didn't know how the protocol hashes worked, so I didn't know why they couldn't be stored. After all, Windows passwords are stored as hashes that never change, so who knows what the underlying security is like on messenger clients?!
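The two cases argued over in this thread, sketched as an added example that is not part of any post and is not Gaim's or any protocol's actual code. SHA-256 and HMAC stand in for whatever a real protocol uses, and the function names and sample password are made up for illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"correct horse"  # constructed sample credential


def static_token(password: bytes) -> bytes:
    """Scheme A: the client always sends the same hash of the password."""
    return hashlib.sha256(password).digest()


def static_login(server_stored: bytes, presented: bytes) -> bool:
    # The server only ever sees the hash, so the hash is the credential.
    return hmac.compare_digest(server_stored, presented)


def challenge_response(secret: bytes, nonce: bytes) -> bytes:
    """Scheme B: the response depends on a seed the server picks per login."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def seeded_login(server_secret: bytes, nonce: bytes, presented: bytes) -> bool:
    expected = challenge_response(server_secret, nonce)
    return hmac.compare_digest(expected, presented)


def demo() -> dict:
    results = {}
    # Scheme A: a token read from the settings file (or off the wire) works as-is.
    stolen = static_token(PASSWORD)
    results["static_replay"] = static_login(static_token(PASSWORD), stolen)

    # Scheme B: a response captured during one login is valid for that seed...
    nonce1 = secrets.token_bytes(16)
    captured = challenge_response(PASSWORD, nonce1)
    results["seeded_first_login"] = seeded_login(PASSWORD, nonce1, captured)
    # ...but is rejected once the server issues a fresh seed.
    nonce2 = secrets.token_bytes(16)
    results["seeded_replay"] = seeded_login(PASSWORD, nonce2, captured)
    # A stored sha256(password) cannot answer this challenge either,
    # so the client has to keep the password itself.
    from_hash = challenge_response(static_token(PASSWORD), nonce2)
    results["seeded_from_stored_hash"] = seeded_login(PASSWORD, nonce2, from_hash)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

In this sketch the seed protects the wire, not the settings file: whatever secret the client must hold to answer the challenge is still what the file has to contain.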