Hello, list.

Recently I was wondering about applications like Mozilla's Password
Manager, KWalletManager and applications of this sort.

I assume these applications use encryption to store my passwords on the disk.
Unfortunately, the code is open, and I find this sort of protection
pretty weak (unless I'm mistaken somewhere along the way).

Since the source code is available to everyone, I conclude my
passwords can be easily deciphered by anyone who has access to the
code.

The encryption method is known, and so is the encryption key (whether in
the source code or anywhere on my hard drive).

My questions are these:
1. Is it so? Is stealing passwords from these applications as
possible as I see it?
2. If I wanted to build a password manager of this sort, and release
it under the GPL, could I choose *not* to release the encryption key
as part of the source code, and keep it hidden and secret from the
world, or would this prevent me from releasing it under the GPL (or
any other free license)? If it will, how can I build a secure FS
application of this sort? Any ideas?

Thanks,
- Itay.
