On 10 September 2024 at 14:09, R Losey said: > Well, but think about it... after the password is entered, THEN what? The > "correct" password would have to be stored somewhere so that GnuCash could > verify what is entered is correct, and clearly saving the password in > clear text is not secure. Because the software is open source, anyone > could read the steps taken to secure the password, and that would be a > huge help in breaking the password.
Clearly you don't know anything about how password protected files are handled. The password is NOT stored anywhere. It doesn't need to be. So there is no code taking "steps to secure the password". The program doesn't need to "verify what is entered is correct", beyond attempting to use it to decrypt the data. That either works or it doesn't. _______________________________________________ gnucash-user mailing list [email protected] To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
