[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 01 May 2011 17:32:58 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 01 May 2011 13:33:12 -0400
In-reply-to: <049.32d3ec12cbf8f32f71d3b53de8f171e5@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.32d3ec12cbf8f32f71d3b53de8f171e5@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3064: Vidalia stores ControlPassword as plaintext
--------------------------+-------------------------------------------------
    Reporter:  tornewbie  |       Owner:  chiiph
        Type:  defect     |      Status:  closed
    Priority:  normal     |   Milestone:        
   Component:  Vidalia    |     Version:        
  Resolution:  wontfix    |    Keywords:        
      Parent:             |      Points:        
Actualpoints:             |  
--------------------------+-------------------------------------------------
Changes (by rransom):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 Replying to [comment:1 chiiph]:
 > There's a lot of software that stores passwords in plain text. The idea
 is to set the file's permissions to be only readable by the owner, so that
 noone but the current user can read the file.
 >
 > I don't see any other solution than save the password like this.

 You could obfuscate the password like Firefox does.  That way, users can't
 tell that their vidalia.conf file is sensitive or recover their password
 from it if they need to, but attackers can still recover the password
 quite easily.

 But given a choice between storing the password as plaintext and giving
 users a false sense of security, The Tor Project's choice is plaintext.
 Closing.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3064#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #2806 [Vidalia]: Change description of 'start' check box
Next by Author: Re: [tor-bugs] #2375 [Vidalia]: Vidalia: New Identity: Minor grammar error
Previous by thread: Re: [tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext
Next by thread: Re: [tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext
Index(es):
- Author
- Thread