(*** This bug was imported into bugs.kde.org ***) Package: kppp Version: 1.1.99 (KDE 2.0) Severity: grave Compiler: gcc version 2.95.2 19991024 (release) OS: Linux 2.2.16 i686 (compiled sources) Hello the password for the ISP is stored in kppprc but there it isn't encrypted aswell. In kmailrc the passwords are encrypted! Sorry maybe the previous mail was a litte confusing hope you got it Thank you Yves
Yves Glodt wrote: > > Package: kppp > Version: 1.1.99 (KDE 2.0) > Severity: grave > Compiler: gcc version 2.95.2 19991024 (release) > OS: Linux 2.2.16 i686 (compiled sources) > > Hello > > the password for the ISP is stored in kppprc but there it isn't encrypted aswell. > In kmailrc the passwords are encrypted! That doesn't make them safe either. The decrypting algorithm is certainly part of kmail which is open source and therefore doesn't make it safe. Note that kppprc is only readable by the user. Nobody else can look at it other that root but the superuser could crack anything like I described above. I'll keep the report but lower it's severity. Harri.
Replaced y.glodt@vo.lu with null@kde.org due to bounces by reporter
It's not a matter of 100% security. It's a matter of not making it very easy for everyone to see it. Do you know of any other application that store its password in plain text? If any, please tell me so that I will take care of this.
You can start by taking care of kppp. Patches are welcome. Preferably one that doesn't break for users of previous versions. Thanks.
By taking care I meant to say I won't allow people to sit in front of it if I have Internet access from it. I want to know if there is any other program that does such a strange behaviour to take care also. I am sorry I am not able to provide a patch now because of lack of programming skills. Really sorry!
Mac OSX stores the passwords in plain text. Also only visible for the administrator(s)
No wonders, Mac OS X is essentially desktop Linux with more expenses and less customizations!
I agree that obfuscation doesn't change much, but with the introduction of kwallet, it has become much easier to store them in a really safe way.
Time to implement the KWallet integration?
> Time to implement the KWallet integration? No, sorry. Perhaps it could be marked as JJ?
Should we keep this bug open to remember the good old days of dial-up and the amusing dial-up tone? I think this is not used any more by any one in the world ;) Closing.