[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext



#3064: Vidalia stores ControlPassword as plaintext
--------------------------+-------------------------------------------------
    Reporter:  tornewbie  |       Owner:  chiiph
        Type:  defect     |      Status:  closed
    Priority:  normal     |   Milestone:        
   Component:  Vidalia    |     Version:        
  Resolution:  wontfix    |    Keywords:        
      Parent:             |      Points:        
Actualpoints:             |  
--------------------------+-------------------------------------------------
Changes (by rransom):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 Replying to [comment:1 chiiph]:
 > There's a lot of software that stores passwords in plain text. The idea
 is to set the file's permissions to be only readable by the owner, so that
 noone but the current user can read the file.
 >
 > I don't see any other solution than save the password like this.

 You could obfuscate the password like Firefox does.  That way, users can't
 tell that their vidalia.conf file is sensitive or recover their password
 from it if they need to, but attackers can still recover the password
 quite easily.

 But given a choice between storing the password as plaintext and giving
 users a false sense of security, The Tor Project's choice is plaintext.
 Closing.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3064#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs