Active Topics

 


Reply
Thread Tools
Posts: 104 | Thanked: 40 times | Joined on Nov 2009
#41
i have the PR1.1 fw installed and i had plain password in that file too

but i removed all the IM services and added them again and took a backup and the password does not show up anymore in that file... hmm
 
NvyUs's Avatar
Posts: 1,885 | Thanked: 2,008 times | Joined on Aug 2009 @ OVI MAPS
#42
there's too many stupid excuses coming up in this thread, if it was apple iphone it would already be on the lunch time news about it.
there is no other device in my possession what allows the exploit of passwords via a simple type of few words in a web browser and saying dont let it out your hands is not a solution. How is easy would it be for family and friends to spy on each other and yes it does happens amongst insecure people..
lastly how easy would it be for someone to code something to feed that data to a server?
 
Posts: 692 | Thanked: 264 times | Joined on Dec 2009
#43
Storing passwords in plaintext EVER =



Seriously, it's about 3 more lines of code to encrypt it!

Last edited by GameboyRMH; 2010-01-18 at 12:51.
 
Posts: 388 | Thanked: 842 times | Joined on Sep 2009 @ Finland
#44
Originally Posted by NvyUs View Post
there is no other device in my possession what allows the exploit of passwords via a simple type of few words in a web browser and saying dont let it out your hands is not a solution. How is easy would it be for family and friends to spy on each other and yes it does happens amongst insecure people..
lastly how easy would it be for someone to code something to feed that data to a server?
Like already mentioned, providing a false sense of security through obscuring the passwords would do no good either. They would still be easily accessible by determined "friends"/family members and malicious programs.
 

The Following User Says Thank You to hqh For This Useful Post:
Posts: 65 | Thanked: 43 times | Joined on Dec 2009
#45
Originally Posted by GameboyRMH View Post
Seriously, it's about 3 more lines of code to encrypt it!
Funny thing is we probably wouldn't even be having this conversation if Nokia had done ROT-13 on those.

On the other hand somebody might now be thinking their passwords are safe.
 

The Following 6 Users Say Thank You to reviver For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#46
Originally Posted by GameboyRMH View Post
Storing passwords in plaintext EVER =



Seriously, it's about 3 more lines of code to encrypt it!
Bring it on, show us I'm willing to bet that we will be able to dissect anything you come up with due to the physical access to device.
__________________
As you go on to other communities, remember to build them around politeness, respect, trust and humility. Be wary of poisonous people and deal with them before they end up killing your community.. Seen it happen to too many IRC channels, forums, open source projects.
 

The Following 5 Users Say Thank You to Stskeeps For This Useful Post:
NvyUs's Avatar
Posts: 1,885 | Thanked: 2,008 times | Joined on Aug 2009 @ OVI MAPS
#47
but why leave the door open to even make it easy for non tech minded people
 
SubCore's Avatar
Posts: 850 | Thanked: 626 times | Joined on Sep 2009 @ Vienna, Austria
#48
you know, if you go to "file:///home/user/.ssh/id_rsa", you can see the PRIVATE key file of the N900's user! omg!

seriously, i bet the iPhone and android do the same basically, the exact location might be a bit more obscure, but it certainly isn't "encrypted" there, either.

saving as a hashed string might be enough to soothe concerns here, and should be fairly easy to implement.
__________________
"What we perceive is not nature itself, but nature exposed to our method of questioning."
-- Werner Karl Heisenberg
 

The Following User Says Thank You to SubCore For This Useful Post:
Posts: 543 | Thanked: 181 times | Joined on Aug 2009 @ Universe,LocalCluster.MilkyWay.Sol.Earth.Europe.Slovenia.Ljubljana
#49
You are aware that the private key is usually encrypted as well

And it can be any other name Hell it could be anywhere else at that
A salted md5 hash would probably more or less avoid many of the concerns.
__________________
For any repos or anything else I might have working on my N900 see:
http://wiki.maemo.org/User:Ruskie
A quick list of what I have in the repos
zsh|xmms2|fcron|gtar|gcoreutils
 
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#50
Originally Posted by ruskie View Post
You are aware that the private key is usually encrypted as well

And it can be any other name Hell it could be anywhere else at that
A salted md5 hash would probably more or less avoid many of the concerns.
A salted MD5 hash won't help you autologin to your favourite IM.
__________________
As you go on to other communities, remember to build them around politeness, respect, trust and humility. Be wary of poisonous people and deal with them before they end up killing your community.. Seen it happen to too many IRC channels, forums, open source projects.
 

The Following 8 Users Say Thank You to Stskeeps For This Useful Post:
Reply

Tags
conversations, debate, email, fremantle, instant message, instant messaging, maemo, maemo 5, modest, password, passwords, plain text, security, telepathy


 
Forum Jump


All times are GMT. The time now is 19:37.