Active Topics
-
[HOWTO] Comprehensive Firmware Flashing Guide for N9 (1,580)
to Nokia N9 / N950 by aspergerguy - 8 hrs, 26 mins ago -
Nokia N9-00 Prototype Build S1.12 (RM-680 codename "Dali") (250)
to Nokia N9 / N950 by en0s - 3 days, 4 hrs ago -
[Announce] Maebble - Pebble support for Maemo (118)
to Applications by glo-worm - 3 days, 17 hrs ago -
Possible to flash Leste to eMMC? (6)
to Maemo 7 / Leste by Eri - 4 days, 7 hrs ago - more...
|
2010-01-18
, 13:12
|
|
Posts: 337 |
Thanked: 160 times |
Joined on Aug 2009
@ München, DE
|
#62
|
Originally Posted by hqh
Ummm. Who talked about obscuring them? Clearly something like a keyring is needed for passwords - that's encrypting, and not obscuring.
Like already mentioned, providing a false sense of security through obscuring the passwords would do no good either. They would still be easily accessible by determined "friends"/family members and malicious programs.
|
|
2010-01-18
, 13:15
|
|
Posts: 337 |
Thanked: 160 times |
Joined on Aug 2009
@ München, DE
|
#63
|
Originally Posted by mece
You cannot hash the password. How would you use the hash to log in?
I guess hashing the password is a simple way to make people feel secure, and it does give some protection against opportunist laymen.
 |
|
2010-01-18
, 13:17
|
|
Posts: 1,111 |
Thanked: 1,985 times |
Joined on Aug 2009
@ Ċbo, Finland
|
#64
|
Originally Posted by range
sorry I meant some reversable type of encoding.
You cannot hash the password. How would you use the hash to log in?
__________________
Class .. : Meddler, Thread watcher, Developer, Helper
Humor .. : [********--] Alignment: Pacifist
Patience : [*****-----] Weapon(s): N900, N950, Metal music
Agro ... : [----------] Relic(s) : N95, NGage, Tamyia Wild One
Try Tweed Suit for your hardcore twittering needs
http://twitter.com/mece66
I like my coffee black, like my metal.
Class .. : Meddler, Thread watcher, Developer, Helper
Humor .. : [********--] Alignment: Pacifist
Patience : [*****-----] Weapon(s): N900, N950, Metal music
Agro ... : [----------] Relic(s) : N95, NGage, Tamyia Wild One
Try Tweed Suit for your hardcore twittering needs
http://twitter.com/mece66
I like my coffee black, like my metal.
|
|
2010-01-18
, 13:18
|
|
Posts: 388 |
Thanked: 842 times |
Joined on Sep 2009
@ Finland
|
#65
|
Originally Posted by range
Quite a many people in this thread
Ummm. Who talked about obscuring them?
Originally Posted by range
Yes, agreed. That would mean no more autologin though, and require such changes that I guess it's safe to bet that this won't be seen in maemo 5.
Clearly something like a keyring is needed for passwords - that's encrypting, and not obscuring.
|
|
2010-01-18
, 13:21
|
|
Posts: 891 |
Thanked: 499 times |
Joined on Nov 2009
@ UK
|
#66
|
So I see a lot of comments here leading to one fact that: as long as you have physical access to the device you shouldn't worry
But, remotely steal your data is a possibility without the need to have access to the device.
For example:
ATM it's difficult to know thats apps on Extras got anything harmful in them...I believe it is reasonably easy to slip in a code to send accounts.cfg with passwords in plain text back
Encrypted is better than nothing, if can't encrypted can't be done then don't store them at all.
But, remotely steal your data is a possibility without the need to have access to the device.
For example:
ATM it's difficult to know thats apps on Extras got anything harmful in them...I believe it is reasonably easy to slip in a code to send accounts.cfg with passwords in plain text back
Encrypted is better than nothing, if can't encrypted can't be done then don't store them at all.
__________________
Follow me on Twitter
Follow me on Twitter
 |
|
2010-01-18
, 13:23
|
|
Posts: 455 |
Thanked: 782 times |
Joined on Nov 2009
@ Netherlands
|
#67
|
So, a guy that knows how to write an app, or inject his malicious code into some other app, and convince you to download and install it, will have more trouble getting your obfuscated passwords than those written in plain text? Come on...
 |
|
2010-01-18
, 13:26
|
|
Posts: 2,535 |
Thanked: 6,681 times |
Joined on Mar 2008
@ UK
|
#68
|
Originally Posted by Venomrush
The threat vectors for the Internet have changed significantly in the last 16 months? Wow.
Last Modified by petr.bug, 16 months ago
You should not apply what being said in this article to today's world where security takes priority,
[...] where there's a massive growth in the smart mobile market and Web 2.0 usage such as blogging Twitter Facebook etc.
Users are now becoming more concern with their privacy and the risks of identity theft.
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
| The Following 7 Users Say Thank You to Jaffa For This Useful Post: | ||
|
|
2010-01-18
, 13:33
|
|
Posts: 883 |
Thanked: 980 times |
Joined on Jul 2007
@ Bern, Switzerland
|
#69
|
I can't believe the sheer arrogance of the ideologic "security folks", preaching supersecurity or none at all.
In practice, having weak security IS better than no security. In this case, at least having encoded passwords is still better than having plaintext. Becaus it at least prevents random/accidental password exposure. Otherwise we could pretty much also stop **** the password entry fields.
In practice, having weak security IS better than no security. In this case, at least having encoded passwords is still better than having plaintext. Becaus it at least prevents random/accidental password exposure. Otherwise we could pretty much also stop **** the password entry fields.
__________________
-Tom (N900, N810, N800)
"the idea of truly having a computer in your pocket just moved a big step closer."
-Tom (N900, N810, N800)
"the idea of truly having a computer in your pocket just moved a big step closer."
| The Following 4 Users Say Thank You to twaelti For This Useful Post: | ||
|
|
2010-01-18
, 13:37
|
|
Posts: 891 |
Thanked: 499 times |
Joined on Nov 2009
@ UK
|
#70
|
Originally Posted by twaelti
+1
I can't believe the sheer arrogance of the ideologic "security folks", preaching supersecurity or none at all.
In practice, having weak security IS better than no security. In this case, at least having encoded passwords is still better than having plaintext. Becaus it at least prevents random/accidental password exposure. Otherwise we could pretty much also stop **** the password entry fields.
If having access to the device is the only way to get the passwords, then might as well unhide the asterisks so we (the real owners) know what we mistyped.
__________________
Follow me on Twitter
Follow me on Twitter
 |
| Tags |
| conversations, debate, email, fremantle, instant message, instant messaging, maemo, maemo 5, modest, password, passwords, plain text, security, telepathy |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 00:50.
Unless you implement strong encryption and a master password that you will always need to enter when some of the services need to read a password from that file.