How to save passwords more secure?!

Bron Gondwana brong at fastmail.fm
Sun Jun 22 20:53:00 EDT 2008


On Sun, Jun 22, 2008 at 08:10:29AM -0600, Jeff Sadowski wrote:
> On Sun, Jun 22, 2008 at 4:14 AM, Bron Gondwana <brong at fastmail.fm> wrote:
> > On Sat, Jun 21, 2008 at 11:18:29PM -0600, Jeff Sadowski wrote:
> >> A kludge that would be the easiest to implement would be to have
> >> ~/.purple be a cryptomounted directory that is mounted before pidgin is
> >> started. It is easy to implement with scripts, and after you are
> >> logged in it can be unmounted.
> >
> > This is no help against a hypothetical virus that reads your
> > accounts.xml file in real time - since you're likely to have
> > pidgin running most of the time you're logged in.
> >
> If you had said virus, what would be preventing it from reading memory space?
> Because of how the protocols are, pidgin or any chat client for that
> matter must send the password character by character, thus it will be
> in memory at some point.
> Also what would stop said virus from key logging?

Yeah - that's a pain.  You need one of the security enhancing patches
that provide further levels of separation between processes.  The
nice thing about outsourcing responsibility for that to another program
(possibly even to the point of using copyfile() from a unix socket to
the password manager to the network connection) is that any security
improvements in that password manager are picked up automatically.

But it's true - if you have a virus with full access to your account,
you're pretty much screwed regardless.  On the other hand, if something
only manages to hijack an SMB or NFS session to your home directory
you'd be safer not having passwords in the clear on file.

(or if something breaks into the backup server.  You do keep backups
of your home directory, don't you?)

Bron.
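The separation Bron sketches, as an added example that is not Pidgin code and not from anyone in this thread: the chat client hands the file descriptor of its server connection to a separate password-broker process over a Unix socket, and the broker writes the password straight onto that connection, so the client process never holds the secret in its own memory. The account name, the inline password store and the socketpair standing in for the TCP connection to the chat server are all constructed for the demo (it needs Python 3.9+ for `socket.send_fds`/`recv_fds`).

```python
import os
import socket
import threading

# Constructed sample store. A real broker would load this from its own
# protected file; it is inline here so the example runs offline.
PASSWORD_STORE = {"jeff@example.invalid": b"s3cret-pass"}


def broker(ctl: socket.socket) -> None:
    """Broker side: receives an account name plus the client's network fd
    (via SCM_RIGHTS) and writes the password directly to that fd."""
    msg, fds, _flags, _addr = socket.recv_fds(ctl, 256, 1)
    try:
        password = PASSWORD_STORE.get(msg.decode())
        if password is None or not fds:
            ctl.sendall(b"ERR")
            return
        # The secret goes to the server connection, never back to the client.
        os.write(fds[0], password)
        ctl.sendall(b"OK")
    finally:
        for fd in fds:  # drop our duplicate of the client's connection
            os.close(fd)


def client_login(ctl: socket.socket, net: socket.socket, account: str) -> bytes:
    """Client side: asks the broker to authenticate on its behalf."""
    socket.send_fds(ctl, [account.encode()], [net.fileno()])
    return ctl.recv(8)


def demo(account: str = "jeff@example.invalid") -> tuple:
    """Runs broker and client in one process; returns (status, bytes the
    'server' end received), e.g. (b'OK', b's3cret-pass')."""
    b_end, c_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    net_client, net_server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    t = threading.Thread(target=broker, args=(b_end,))
    t.start()
    status = client_login(c_end, net_client, account)
    t.join()
    received = net_server.recv(64) if status == b"OK" else b""
    for s in (b_end, c_end, net_client, net_server):
        s.close()
    return status, received


if __name__ == "__main__":
    print(demo())
```

As Bron notes, this only moves the secret out of the client process; anything with full control of the account can still talk to the broker, so the broker's own access controls are what the design rests on.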
