plain text passwords [wasRe: [Gaim-devel] libyahoo2 integration?]

[Robert S. <rk...@re...>]

On Thu, 25 Jul 2002 15:11:59 -0400 Luke Schierer
<lsc...@re...> wrote:
LS> I agree with Sean, its a horrible idea.

I disagree. Storing plain text passwords are a terrible idea.

LS> if someone can see your .gaimrc file, encrypting it won't help.
LS> they'll just copy it and use gaim itself,

The ability to see a file does not imply the ability to copy it.

LS> or a decrypter based on gaim's decryption of the passwds to read your
LS> passwords anyway.

This assumes a certain level of knowledge on the part of the attacker. The
number of people who can copy down plain text far exceeds the number of people
who can find/run a decrypter.

LS> cannot trust the security of the unix permissions. encrypting.gaimrc would
LS> only provide a FALSE sense of greater security.

No, it is not a FALSE sense of greater security. It is greater security. Just
because it isn't perfect doesn't mean it isn't better.  Having a door on my
house provides a greater sense of security. Having a lock on the door provides
an even greater sense of security. Just because some criminals can pick the lock doesn't mean I shouldn't lock it too keep out the ones that can't.