Sign in to follow this  
Followers 0
ifmn

Password in favorites

13 posts in this topic

In favorites you can write your pass so you dont have to write it every time you connect to a hub (where you have registered that nick).But if someone has your Favorites.xml he can decrypt or atleast see how many characters are there in your pass - that's not good.(atleast for me).How about encrypting that pass and hiding it ? So if u wanna change you pass you must enter the new one directly , not deleting the old one and then writing the new one.

Share this post


Link to post
Share on other sites

im someone can read your favioutrets.xml file you probably have more problems then them stealing your dc account

Share this post


Link to post
Share on other sites

im someone can read your favioutrets.xml file you probably have more problems then them stealing your dc account

Well you're right but having more security is better.What if i have a brother ?I must encrypt that folder or use the security feature (in which (v.0.2.1) I found many holes) to prevent him from stealing my pass.But what if im a newbie ? I've never seen options and im too lazy to type the pass every time ?Or if i wanna give my favorites to someone else (imagine if i have 20 hubs - i must remove the pass from each single one , send the favorites.xml and retype the pass for each single hub)

Share this post


Link to post
Share on other sites

In case you have only one pass or a few passwords for all hubs make a copy of Favorites.xml, open with Notepad and do a Replace of password and nick. Then you could send this copy. :whistling:

Share this post


Link to post
Share on other sites

Or if i wanna give my favorites to someone else (imagine if i have 20 hubs - i must remove the pass from each single one , send the favorites.xml and retype the pass for each single hub)

Uhm.. If you give your favorites to someone else, why would YOU have to retype the passwords then after sending him? Do you seriously edit and send the original file, not a copy that can be edited and deleted after sending? :whistling:

Share this post


Link to post
Share on other sites

But what if im a newbie ?

I know that but how can a newbie know that ?And i did that with the copying a long time ago//if it wasnt for that forum i'd only know how to use the interface for everything and how to export my settings//, i just tought that it'd be a good example for what a newbie'd do.

And You are only discussing the export example.What about the encrypting in favorites.xml and hiding it in the favorites?

Share this post


Link to post
Share on other sites

the thing with security is the value of protecting it is defined by the value of the infomation. Most people wouldn't value there dc++ password infomation. if they are just a reged user there is not too much affect of someone stealing your password. If your an op or in private hub the situation is different. However most people in this situation would be able to add the appropriate protection level at the os, where it should be i.e. you should only give you, admin, and the user running apex access to read the fav file set up other user names for other people other then you. and lock you session when you are away from the PC. these are the ways you should protect infomation.

Extra security should only be put in place if the value of the data is important enogh to first break all the os security. Plus the benift of having passwords in a fav file is that when a hub looses all there accounts and you need to re-reg (as they enevitably will) or if you need to change your name/prefix or for any reasons. you can recover the password easily.

To answer your question about how could a newbie know. Well to be quite frank tuff!. if you are willing to post a clear text file to a stranger with out looking at it first then it is your own fault if a password gets nicked. XML is the most intuitve language there is; MSIE opens it easily. so any newbie no mater what would be able to open that file and quickly see that it had passwords in. If you think that they wouldn't think to open the file, then thay shouldn't be playing with it.

Edited by balder

Share this post


Link to post
Share on other sites

Balder, I agree on most points, but a good program is not supposed to rely on the OS too much. :whistling: And on principle, if it's possible to make the passwords encripted, why not? This encription probably can be protected by a master password, like in TrueCrypt. Or if we are real maniacs - two passwords. The first will be fake, giving wrong passwords, the second will be the real. In this way even a bruteforce will be hard. :)

Share this post


Link to post
Share on other sites

And on principle, if it's possible to make the passwords encripted, why not?

Because i tend to forget my favorite hub passwords every now and then, and this is why i want the to be in human readable format :whistling:

Share this post


Link to post
Share on other sites

Because i tend to forget my favorite hub passwords every now and then, and this is why i want the to be in human readable format :whistling:

You can always decrypt em or write em on a list.Ok if You dont like extra security for some reason.

@balder: If You were Bill Gates then passwords for acounts wouldnt be invented, cuz OS will relly on hardware security - just lock your room , lock your apartment and You are secured.(Just a joke,dont take this personally)

Share this post


Link to post
Share on other sites

You can always decrypt em or write em on a list.Ok if You dont like extra security for some reason.

Not going to happen, you see, i'm also a lazy person so i possibly could not bother to keep such list...

And besides the current "encryption" that other DC clients use to encrypt favorite hubs passwords is so easy to identify and decrypt that there is no point in adding it, so i'd need to add another better encryption for it, and i just don't feel like doing such a job for a feature that could make my life harder sometimes...

Share this post


Link to post
Share on other sites

If You were Bill Gates then passwords for acounts wouldnt be invented, cuz OS will relly on hardware security - just lock your room , lock your apartment and You are secured.

i think you missed my point. i did ramble a bit and i cant be bothered to read what i wrote so i will forgive you.. as you pointed out you could lock your room. sounds like that would serve your purpose. i think favs arnt important enough to be encrypted. As crise said the benifit of them being in the clear is better. there will enevitably people who fall outside this but they will have to solve there own prolems

Share this post


Link to post
Share on other sites

Ok, i got the point - you see no reason to do that.I was trying to speak from the name of all apex users.I can encrypt my folder,put a pass on my account and lock my room, but what about all other users who cant do that?Just wanted to improve apex.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0