Re: [Fwd: Re: plain text passwords [wasRe: [Gaim-devel] libyahoo2 integration?]]

[Christian H. <ch...@gn...>]

On Fri, Jul 26, 2002 at 05:27:27PM -0700, Morgan Collins [Ax0n] wrote:
> 
> I think that if you encrypted the password, it would be wise to require
> the user to enter their previous password before changing their password
> anyways.

Except that gaim would have to be able to decrypt them before logging
in. This would require that an encryption scheme be used that provides
for decrypting. However, this is no different than, say, reversing the
characters in the password. Anybody could just get to it anyway, by
simply decrypting it.

Now you could encrypt the entire .gaimrc file and ask for a password
on startup, but guess what? You would then need to store THAT password
somewhere, and suddenly you run into the exact same problem.

Bottom line: There is no method that will provide the (false) security
that people are looking for. The most secure thing you can do is to
chmod 600 ~/.gaimrc, and last I checked, that happens automatically.

Christian
 
-- 
Christian Hammond         <>  The GNUpdate Project
ch...@gn...      <>  http://www.gnupdate.org/
   Some people have a way with words, while others.. erm... thingy.