maemo.org - Talk - View Single Post - IM, Email Passwords Are Stored as Plain Text

scudderfish	2010-01-18 , 13:04
Posts: 61 \| Thanked: 36 times \| Joined on Feb 2006 @ Harpenden	#51

Originally Posted by SubCore

saving as a hashed string might be enough to soothe concerns here, and should be fairly easy to implement.

But the app needs to decode the encryption so it can send it to the IM service (hopefully over an SSL connection). If the app can decode it, then the app has access to the encrpytion key. If the app has access to it, so does the user. If the user has access so does the bad guy with physical access to the device. It's obfuscation, not encryption, and all soothing concerns does is engender a false sense of security which can lead to less overall security.

Quote & Reply |

The Following 7 Users Say Thank You to scudderfish For This Useful Post:
frals, hqh, Jaffa, pelago, sjgadsby, slux, TomJ