On Wed, Sep 11, 2024 at 9:56 AM Fred Bone <[email protected]> wrote:
> On 10 September 2024 at 14:09, R Losey said:
>
> > Well, but think about it... after the password is entered, THEN what? The
> > "correct" password would have to be stored somewhere so that GnuCash could
> > verify what is entered is correct, and clearly saving the password in
> > clear text is not secure. Because the software is open source, anyone
> > could read the steps taken to secure the password, and that would be a
> > huge help in breaking the password.
>
> Clearly you don't know anything about how password protected files are
> handled.
>
> The password is NOT stored anywhere. It doesn't need to be. So there is
> no code taking "steps to secure the password".
>
> The program doesn't need to "verify what is entered is correct", beyond
> attempting to use it to decrypt the data. That either works or it
> doesn't.

It's certainly possible that I am lacking knowledge... I was thinking of the *nix passwords which are (used to be) stored in encrypted form in the /etc/passwd file.

I assume that if a file is protected by a password (or encrypted, for that matter), there must be some way of verifying that what the user enters at a password prompt is correct. You write that they attempt to decrypt the data -- fine, but in a file, how do they tell if a bunch of 0s and 1s have been correctly decrypted?

--
_________________________________
Richard Losey
[email protected]
Micah 6:8
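One common answer to the question above, as an added example that is not part of the original message and is not GnuCash code: the file carries an authentication tag computed with a key derived from the password, so a wrong password is detected without the password being stored. The function names, the iteration count and the stand-in cipher are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # Stretch the password into 64 bytes: 32 for encryption, 32 for the MAC.
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example needs
    # only the standard library; a real file format would use an AEAD such as AES-GCM.
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_file(password: str, plaintext: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # Only salt, nonce, ciphertext and tag are written; never the password or keys.
    return salt + nonce + ciphertext + tag


def decrypt_file(password: str, blob: bytes) -> bytes:
    if len(blob) < 64:
        raise ValueError("file too short")
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # A wrong password derives a different MAC key, so the tag cannot match.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted file")
    return _keystream_xor(enc_key, nonce, ciphertext)
```

Because the salt is public and the tag depends on the derived key, reading the source code gives no shortcut beyond guessing passwords, each guess costing a full key derivation.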
