Re: Current network-password-saving feature needs improvement.


First i would like to highlight the two different approaches that we can have about this subject... :

- Hiding this parameters for security matters which would mean that there would be no way to reveal this information without having the necessary informations for that (encryption key)


- Hiding these parameters for privacy matters because clear text sucks and this would be just a simple hashing of values.

In the first case we will reduce the UI conviviality by adding popups asking for secret key all the time. 

And in the second one this hashing would only be useful to protect from lamers that try to make a vi on gconf files and for remote storage of the configuration files (network will not see the clear/text infos)

I'm not really sure about it but i think that mozilla is implementing both methods and we should maybe do the same :

- Generate an encryption key from fixed system datas and make a hashing if user which to save his network pw in an easy way (like mozilla pass manager does i think)

- Ask the user to enter a passphrase for encrypting these informations that he would have to enter each time his system would try to access these infos in gconf (master password in mozilla)

- Ask the user to enter these infos each time he needs them in apps...

For encryption, axel was suggesting using blowfish and i agree with that as this algorithm is widely used and efficient..


Julien MOUTTE - jmoutte electronic-group com

World Trade Center, Moll de BARCELONA
Edificio Norte 4 Planta
Tel : +34 93600 23 23 Fax : +34 93600 23 10

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]