Bug 14774 - kppp password not encrypted
Summary: kppp password not encrypted
Status: RESOLVED UNMAINTAINED
Alias: None
Product: kppp
Classification: Applications
Component: general
Version: 1.1.99
Platform: unspecified Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Harri Porten
Reported: 2000-11-06 18:48 UTC by Unknown
Modified: 2020-10-20 20:57 UTC

Description Y Glodt 2000-11-06 18:41:55 UTC
(*** This bug was imported into bugs.kde.org ***)

Package: kppp
Version: 1.1.99 (KDE 2.0)
Severity: grave
Compiler: gcc version 2.95.2 19991024 (release)
OS: Linux 2.2.16 i686 (compiled sources)

Hello

The password for the ISP is stored in kppprc, but there it isn't encrypted as well.
In kmailrc the passwords are encrypted!
Sorry, maybe the previous mail was a little confusing; hope you got it.

Thank you

Yves
Comment 1 Harri Porten 2000-11-06 19:09:26 UTC
Yves Glodt wrote:
> 
> Package: kppp
> Version: 1.1.99 (KDE 2.0)
> Severity: grave
> Compiler: gcc version 2.95.2 19991024 (release)
> OS: Linux 2.2.16 i686 (compiled sources)
> 
> Hello
> 
> The password for the ISP is stored in kppprc, but there it isn't encrypted as well.
> In kmailrc the passwords are encrypted!

That doesn't make them safe either. The decrypting algorithm is
certainly part of kmail which is open source and therefore doesn't make
it safe. Note that kppprc is only readable by the user. Nobody else can
look at it other than root, but the superuser could crack anything like I
described above.

I'll keep the report but lower its severity.

Harri.
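
The protection Comment 1 relies on is the file mode of kppprc. A check for that, as an added example that is not part of the original thread or of kppp's code; the `audit_secret_file` helper is hypothetical and the file content is constructed, with the name kppprc reused only as a label:

```python
import os
import stat
import tempfile


def audit_secret_file(path):
    """Return findings for a file that holds a plaintext secret (hypothetical helper)."""
    st = os.lstat(path)  # lstat: inspect the path itself, do not follow a symlink
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink; refusing to follow it"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != os.getuid():
        findings.append("owned by uid %d, not the current user" % st.st_uid)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other (mode %o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other (mode %o)" % mode)

    # A writable parent directory lets another user replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    loose_parent = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if loose_parent and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is group/other-writable without sticky bit")
    return findings


def demo():
    """Audit a constructed file first with mode 0644, then with mode 0600."""
    directory = tempfile.mkdtemp()  # created with mode 0700
    path = os.path.join(directory, "kppprc")
    with open(path, "w") as handle:
        # Constructed content, not the real kppprc layout.
        handle.write("Password=constructed-sample\n")
    os.chmod(path, 0o644)
    loose = audit_secret_file(path)
    os.chmod(path, 0o600)
    tight = audit_secret_file(path)
    return loose, tight


if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result or "no findings")
```

A clean result only confirms the point made in the comment above: other local users cannot read the file, while root and anyone using the owner's session still can.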
Comment 2 Stephan Kulow 2004-05-17 20:11:00 UTC
Replaced y.glodt@vo.lu with null@kde.org due to bounces by reporter
Comment 3 Munzir Taha 2004-06-13 23:31:13 UTC
It's not a matter of 100% security. It's a matter of not making it very easy for everyone to see it. Do you know of any other application that stores its password in plain text? If any, please tell me so that I will take care of this.
Comment 4 Harri Porten 2004-06-14 00:38:01 UTC
You can start by taking care of kppp. Patches are welcome. Preferably one
that doesn't break for users of previous versions. Thanks.
Comment 5 Munzir Taha 2004-06-14 20:15:10 UTC
By taking care I meant to say I won't allow people to sit in front of it if I have Internet access from it. I want to know if there is any other program that does such a strange behaviour to take care also. I am sorry I am not able to provide a patch now because of lack of programming skills. Really sorry!
Comment 6 Thijs Vermeir 2004-12-09 15:11:41 UTC
Mac OSX stores the passwords in plain text. Also only visible for the administrator(s).
Comment 7 Munzir Taha 2004-12-19 14:45:43 UTC
No wonders, Mac OS X is essentially desktop Linux with more expenses and less customizations!
Comment 8 Gilles Schintgen 2005-03-18 00:06:40 UTC
I agree that obfuscation doesn't change much, but with the introduction of kwallet, it has become much easier to store them in a really safe way.
Comment 9 Harri Porten 2005-03-19 04:41:30 UTC
Time to implement the KWallet integration?
Comment 10 Gilles Schintgen 2005-03-19 11:14:35 UTC
> Time to implement the KWallet integration?

No, sorry. Perhaps it could be marked as JJ?
Comment 11 Munzir Taha 2020-10-20 20:57:35 UTC
Should we keep this bug open to remember the good old days of dial-up and the amusing dial-up tone? I think this is not used any more by anyone in the world ;)

Closing.