Opened 10 years ago

Closed 9 years ago

#2919 closed enhancement (wontfix)

hide passwords in config

Reported by: anonymous Owned by: asterix
Priority: normal Milestone:
Component: preferences Version:
Severity: normal Keywords: security
Cc: Blocked By:
Blocking: OS: All

Description

Please consider to hide passwords from the config file if possible. config is 0600 so that is good, but I guess the ultimate solution would be to not write the password in plaintext nowhere. I use gajim for its good support for gpg encrypted messaging, and that's the only problem left to provide a secure client as far as I can see. thanks florian

Change History (11)

comment:1 Changed 10 years ago by anonymous

  • Milestone set to 0.12

comment:2 follow-up: Changed 10 years ago by asterix

we have gnome keyring for that ...

comment:3 Changed 10 years ago by junglecow

Obfuscating of passwords does not improve security. Use Gnome Keyring or disable "Save Password" in the server configuration. I propose wontfix.

comment:4 in reply to: ↑ 2 Changed 9 years ago by anonymous

Replying to asterix:

we have gnome keyring for that ...

There are no gnome-keyring for Windows ...

comment:5 Changed 9 years ago by asterix

  • Resolution set to wontfix
  • Status changed from new to closed

junglecow's comment remain ... a coded password can still be decrypted easily: just look in gajim code how to decrypt and that's it

comment:6 Changed 9 years ago by anonymous

  • OS set to All
  • Resolution wontfix deleted
  • Status changed from closed to reopened

I think it should be fixed, even just for eyecandy. No matter chmods, it freaks out to read it as plain text in file that is not encrypted. No matter if someone can decrypt it, but it makes much more harm to store it plainly, offer it straightaway. It is important to consider that the config file can get (for some reason) to wrong hands, somewhere where it doesn't belong, maybe just if someone uses your computer ("oops, i opened some config and guess what..") or anything, like with any file. I am not writing this to guess all the possible reasons how someone could get their hands to that file, I just hope you could give that an another thought. So, can you please reconsider?

(And for your comments, it is not right to force people to use Gnome Keyring. I hope you didn't mean it like that.)

comment:7 Changed 9 years ago by misc

I see no reason to work around windows problem ( ie lack of proper mechanism to store password ) by duplicating work in gajim. If you know a way to store password in a real secure way on windows, please provides a patch, or at least, a API tohat could be used from python.

comment:8 Changed 9 years ago by anonymous

I don't know about windows, not used it. It is not just windows problem, they are stored as plain text on Linux also. There are crypt at least for UNIX and even MD5 is better than nothing. If you really don't want to work around windows problem, please even with the Linux? There it is possible in a secure way.

I am sorry that I am not skilled enough to provide patch for you. Still it shouldn't need to dublicate the work, at least I hope so. I am not a programmer, but you are and you know better than I how to do that. In my eyes it can be done simple just like with crypt function "import crypt; crypt.crypt("crypt","ed")" http://docs.python.org/lib/module-crypt.html

If want to work with windows, There are actually "crypt for windows", the fcrypt, so windows can use fcrypt as crypt.. It's pure Python replacement library http://home.clear.net.nz/pages/c.evans/sw/

Do what you want, but I really really hope you to consider that. I would like to use my favorite client in a secure way.

comment:9 Changed 9 years ago by misc

crypt and md5 are hash function, so everything encrypted cannot be decrypted ( unless bruteforced ).

Since we need to get the password in cleartext to send it to server ( or use another type of hash ), in order to authenticate you, this is not suitable.

comment:10 Changed 9 years ago by steve-e

  • Component changed from None to preferences
  • Milestone 0.12 deleted
  • Summary changed from please consider to hide passwords in config to hide passwords in config
  • Version 0.11 deleted

There is no security by obscurity. We can hide the password easily but that will not fix anything.

I don't want anyone to believe this would be secure.

comment:11 Changed 9 years ago by asterix

  • Resolution set to wontfix
  • Status changed from reopened to closed

there are many other secure way to do that: encrypt your /home partition, or don't store passwords, or use gnome keyring. If you see a "encrypted" password in your config file, you can think it'ssecure to send it on the web, or anywhere, but it's not. It you see it plaintext, you won't send it, and that's better.

Note: See TracTickets for help on using tickets.