[Pidgin] #15379: Need warning on "remember password" checkbox
Pidgin
trac at pidgin.im
Mon Oct 29 06:55:53 EDT 2012
#15379: Need warning on "remember password" checkbox
-----------------------+---------------------------
Reporter: IBeaumont | Owner: rekkanoryo
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.10.6 | Resolution:
Keywords: |
-----------------------+---------------------------
Comment (by renatosilva):
That link is about a master password, Firefox does not show any kind of
warning if you don't set one, which was the point of your report. Ok, it's
not obvious for you, I wonder what people think in general, but with just
a bit of thinking you can conclude it's not secure:
1. If there isn't a key used to encrypt the password, then one just needs
to run the decryption algorithm to retrieve it, hence insecure.
2. If there's a key, then one just need to get access to the key to
retrieve the password. File permissions on the key would have the same
level of security as if they were applied to the actual keys, so it's just
an additional artificial step here.
3. It is only reasonable secure if it used some master password as the
key. Ok, I could infer my OS password, if ever there's one, was being used
as master password.
As I've said, I think there's some plan to implement master passwords in
Pidgin, search for it. I wonder what people actually think about it being
obvious or not. Either way, I think adding some note to the widget label
wouldn't hurt, something like "[./] Save password (insecure)" or similar.
--
Ticket URL: <https://developer.pidgin.im/ticket/15379#comment:3>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list