2010/11/28 Volodya <Volodya at whengendarmesleeps.org>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/25/2010 04:51 PM, Matthew Toseland wrote: >> On Tuesday 23 November 2010 15:43:35 Ian Clarke wrote: >>> On Tue, Nov 23, 2010 at 9:34 AM, <cvollet at gmail.com> wrote: >>> >>> Also, is it not possible to have a >>>> system to backup passwords in-freenet? (of course, only if we agree >>>> identity-based encryption is a plus) >>> >>> Well, there would need to be a separate recovery password, and then the >>> original password simply becomes redundant from a security point of view. >> >> Right, password recovery is out, if the user doesn't want to remember the >> password they should just not set one. > > I think people who are thinking about any sort of "password recovery" > misunderstand the people who'll ever use Freenet. While it's possible to model > the UI after a more "common" tool, most Freenet users will at know about > things > like drive encryption or PGP e-mail (if not use them), and last i checked the > idea of a password recovery for the PGP key chain or a truecrypt drive will > send > shivers down the spine of everybody. > Well, we want our audience to be larger, and includes non-geeks. So people might not know that password recovery is not very safe. And, at the same time, we might have some people who want password recovery. It may be (well, I'm pretty sure it is) an edge case, but if someone set up Freenet on a familial computer, and just want to prevent the other users to eavesdrop its activity, he doesn't need a really secure account. And a password recovery system could be useful in this case. And that's for that use case that I wanted to know if it is possible on Freenet.
I do know that most Freenet users won't use such a system, but if it doesn't cost us anything, and can make happy some users, why shouldn't we propose it? But maybe it's best to care about edge cases after we have something that fulfill all the basic needs... So let's rule out the password recovery system for now. > ? ? ? ? ? ? ? ? ?- Volodya > > - -- > http://freedom.libsyn.com/ ? ? Echo of Freedom, Radical Podcast > > ?"None of us are free until all of us are free." ? ?~ Mihail Bakunin > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJM8oyIAAoJENW9VI+wmYas9IcIAKm7taGhlum1FZiTVgdRI0mi > NvFH7fJNYFTXMSPg8ZCHiQ87YIp2It0CizG+f9wBhOfa+lChU53ccN5kC0cN0vTT > 3G49No/gExSKIn3EqDdU7QVH4KRrMYQIkDSwGWz0EZ+olOyWJ+bq0Zodww752gvJ > H+rHq3K3hDvEeCwyboxprwiXxsPcaYxcvIfYxMqXItOGI8aMU7OAYEzzdVNcUWzu > UV6ZVEMN7UxIYFFfZi6WCy7uGOkX75tx35KnyBzATkbOINPwGglCkstRbXcORZmr > yQOnjQxbFCciX9OhQX8vzEp1rK7upqKIwjiCSv8IewZGRh2povPWzJugYiHza0Q= > =ufFx > -----END PGP SIGNATURE----- > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://freenetproject.org/cgi-bin/mailman/listinfo/devl >
