On Wed, 22 Apr 2015 09:08:49 +0100 Tom Hacohen <[email protected]> said:
> On 22/04/15 09:04, Carsten Haitzler wrote: > > raster pushed a commit to branch master. > > > > http://git.enlightenment.org/core/enlightenment.git/commit/?id=40a91376c6024b08e99981a61376be3927aa9c61 > > > > commit 40a91376c6024b08e99981a61376be3927aa9c61 > > Author: Carsten Haitzler (Rasterman) <[email protected]> > > Date: Wed Apr 22 17:03:44 2015 +0900 > > > > e screenlock config diloag - note insecureness for personal pw/pin > > > > these store pin/pw in your user config files - it may be primitively > > hashed to obscure it, but it's there. it never pretended to have > > secure storage and even saved cleartext until e19. make sure people > > are aware > > It's really not too different from cleartext. Well actually it is, > because the hash is so shitty and only 32bit, it's more likely you'll > get a different password to work than the real one, so maybe revealing > the original password won't be easy with so many passwords working. :) chance is REALLY low. i was going to revert it but e19 weas released with this and thus people who set a custom pw would have it break if i did. so marked it as insecure regardless - don't use it unless you REALLY want to and you are happy with pin/pw being basically in your configs and trivially brute-forcable. the default is pam - so this really is warning those that switch away. > Anyhow, glad you decided to mark it as insecure. > > -- > Tom. > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > _______________________________________________ > enlightenment-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [email protected] ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
