[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    Re: Saving of passwords (Was: Security status)
From:       Stefan Taferner <taferner () salzburg ! co ! at>
Date:       2000-02-07 14:58:34
[Download RAW message or body]

On Mon, 07 Feb 2000, Andreas Gungl wrote:
> Stefan Taferner schrieb:
[...]
> > The best way IMO is to use a real two way encryption algorithm
> > for the password file. Does anybody know a good and free one
> > that can be distributed all over the world?
>
> I can't see an advantage in this. To work with that new encryption
> algorithm you would need another password/phrase. Where do you want to
> store this one? On disk? ;-)
> (Oh. Please recognize the smiley.)

Yes, that's the problem. The only thing one could do is generate a 
compile-time passphrase. But then two kmails cannot share a config
file, which is also no option.

> Actually I don't have a better solution. I'ld prefer a special file and
> a hint for all users on top of the documentation, better not to store
> the password on disk.

IMO there is absolutely no need to make a solution for kmail only.
Except if the solution is then better than what we have now.

Making another config file does not improve the situation.

Those that are security aware can handle the current situation,
and those that are not will not change when they do not care
for two files.

--Stefan

[prev in list] [next in list] [prev in thread] [next in thread]