Password storage on Android devices

Posted Aug 4, 2011 3:04 UTC (Thu) by thedevil (guest, #32913)
Parent article: Password storage on Android devices

"Thunderbird, PINE, Evolution, KMail, etc. — even IM clients — all send
the account password to the server when left running
unattended. Consequently, they must either store the password in plain
text, ask for it on every connection attempt, or encrypt it and require
the user to enter a different passphrase to unlock the storage
location."

There is an easy solution: read the password from the filesystem, from a
configurable location. That way the encryption can be done by the
filesystem ONCE rather than having a separate encryption algo and
passphrase for every app under the sun.

Sadly, as far as I know among MUAs only Gnus, and maybe other Emacs-based
clients, does this.


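An added illustration of the approach in the comment above (not part of either comment, and not Gnus's own code): a client reads its account password from a netrc-style file at a configurable path and refuses the file unless it is owned by the current user and closed to group and other. It assumes a POSIX system; `read_password`, the file name, the host and the credentials are hypothetical, and the secret is plaintext to anything that can read the file once the filesystem is unlocked.

```python
import os
import shlex
import stat
import tempfile


class CredentialFileError(Exception):
    """The credential file is unsafe to use or lacks the requested entry."""


def read_password(path, host):
    """Return (login, password) for host from a netrc-style plaintext file."""
    # Open first, then fstat the descriptor, so the checks apply to the very
    # file that is read (no check-then-open race); refuse a symlinked path.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())
        if st.st_uid != os.getuid():
            raise CredentialFileError(f"{path}: not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialFileError(f"{path}: accessible by group or other")
        tokens = shlex.split(fh.read())
    # Subset of netrc: "machine H login L password P" as key/value pairs.
    entries, current = {}, None
    for key, value in zip(tokens[::2], tokens[1::2]):
        if key == "machine":
            current = entries.setdefault(value, {})
        elif current is not None:
            current[key] = value
    try:
        return entries[host]["login"], entries[host]["password"]
    except KeyError:
        raise CredentialFileError(f"{path}: no entry for {host}") from None


def demo():
    """Constructed sample: accepted at mode 0600, refused at mode 0644."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "authinfo")  # hypothetical location
        with open(path, "w", encoding="utf-8") as fh:
            fh.write('machine imap.example.org login alice password "s3 cret"\n')
        os.chmod(path, 0o600)
        ok = read_password(path, "imap.example.org")
        os.chmod(path, 0o644)
        try:
            read_password(path, "imap.example.org")
            refused = False
        except CredentialFileError:
            refused = True
    return ok, refused
```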

Color me confused

Posted Aug 4, 2011 17:04 UTC (Thu) by felixfix (subscriber, #242)

How does this solve anything? Maybe your description isn't clear. The problem is that if the decryption key does not come directly from user input every time it is needed, then the plaintext has to be stored somewhere. If that store itself is encrypted, then either the user has to be asked, again, for the password, or the program itself has the password, in which case you have merely moved the cleartext one step away.

This is obvious to anyone familiar with encryption and passwords, and described in the article itself. So either you haven't solved anything, or you haven't been clear.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds