Bug#321413: All passwords are safed in cleartext!
severity 321413 wishlist
retitle 321413 All passwords stored in XML and TXT are saved in cleartext!
thanks

On Fri, Aug 05, 2005, Jan wrote:
> I have been using MyPasswordSafe for a long time. By accident I took a look at my
> default passwordsafe-file ~/.passwörter.xml and was scared because all
> passwords are saved in cleartext! No encryption!

Yes, it is cleartext for XML and TXT as warned in the manual, and when you save as... (UNENCRYPTED).

Here is an extract from /usr/share/doc/mypasswordsafe/html/manual.html

<p>Password Safe is a similiar to MyPasswordSafe, but runs only on Windows. Files created by Password Safe can be opened by MyPasswordSafe and vice-versa. The files are encrypted using the Blowfish algorithm, and are presumed to be secure. Use <i>dat</i> for the extension. </p>
<p>Text files should <b><font color=red>NEVER</font></b> be used. All information is stored unencrypted. If you find them useful, go ahead and use them. </p>
<a href=#top>Back to top</a>

I set the severity to wishlist, as it may be useful (you may know better than me) to also encrypt xml and txt files.

Maybe Khalid will want to close it, as this is documented.

--
adn
Mohammed Adnène Trojette
Bug#321413: All passwords are safed in cleartext!
On Sun, Sep 04, 2005, Mohammed Adnène Trojette wrote:
> severity 321413 wishlist
> retitle 321413 All passwords stored in XML and TXT are saved in cleartext!
> thanks

severity 321413 serious
thanks

Steve Langasek suggests that the Safe Password (*.dat) file should be the default. Thus I upgrade this bug to its original serious severity and try to write a patch for this.

Sorry for the noise, though.

--
adn
Mohammed Adnène Trojette
Bug#321413: All passwords are safed in cleartext!
tag 321413 patch

On Sun, Sep 04, 2005, Mohammed Adnène Trojette wrote:
> severity 321413 serious
> thanks
>
> Steve Langasek suggests that the Safe Password (*.dat) file should be the default.
> Thus I upgrade this bug to its original serious severity and try to write
> a patch for this.
>
> Sorry for the noise, though.

Here is a patch.

--
adn
Mohammed Adnène Trojette

diff -urN mypasswordsafe-0.0.20041004.orig/src/mypasswordsafe.ui.h mypasswordsafe-0.0.20041004/src/mypasswordsafe.ui.h --- mypasswordsafe-0.0.20041004.orig/src/mypasswordsafe.ui.h2004-10-04 05:04:12.0 +0200 +++ mypasswordsafe-0.0.20041004/src/mypasswordsafe.ui.h 2005-09-04 02:19:56.629109040 +0200 @@ -547,7 +547,7 @@ QString all_safes(tr(All Safes (%1)).arg(Safe::getExtensions())); QString all_files(tr(All Files (*))); - QString types(QString(%1\n%2\n%3).arg(all_safes).arg(Safe::getTypes()).arg(all_files)); + QString types(QString(%2\n%1\n%3).arg(all_safes).arg(Safe::getTypes()).arg(all_files)); QFileDialog file_dlg(QString::null, types, this, file, true); diff -urN mypasswordsafe-0.0.20041004.orig/src/safeserializer.cpp mypasswordsafe-0.0.20041004/src/safeserializer.cpp --- mypasswordsafe-0.0.20041004.orig/src/safeserializer.cpp 2004-10-02 05:26:43.0 +0200 +++ mypasswordsafe-0.0.20041004/src/safeserializer.cpp 2005-09-04 02:19:56.141183216 +0200 @@ -42,10 +42,10 @@ using namespace std; SafeSerializer::SerializerVec SafeSerializer::m_serializers; -PlainTextLizer _plain_text_lizer; BlowfishLizer2 _blowfish_lizer2; BlowfishLizer _blowfish_lizer; XmlSerializer _xml_serializer; +PlainTextLizer _plain_text_lizer; SafeSerializer::SafeSerializer(const QString extension, const QString name) : m_extension(extension), m_name(name)
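Review bot: In the mypasswordsafe.ui.h hunk, the changed `QString types(...)` line makes the first filter entry whatever `Safe::getTypes()` happens to list first, so the encrypted default is only as reliable as the ordering set in safeserializer.cpp, and nothing on the line says so. Swapping the placeholders to `%2\n%1\n%3` while leaving the `.arg()` calls in the old order also makes the line harder to read; reordering the `.arg()` calls and keeping `%1\n%2\n%3` would state the intent directly, with a short comment that the encrypted format must come first. The cleartext types are still offered in the same list, so this changes only the default and gives no warning when a user picks XML or TXT, which is the case the report describes.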
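Review bot: In the safeserializer.cpp hunk, moving `PlainTextLizer _plain_text_lizer;` below `XmlSerializer _xml_serializer;` relies on the declaration order of these file-scope objects to decide which format is offered first, and that dependency is undocumented. Assuming each constructor registers its instance in `m_serializers` (the registration itself is not visible in the hunk), a later reshuffle of these four lines would silently restore a cleartext default. Please add a comment above the block saying that the order is significant and that the Blowfish serializers must stay ahead of the XML and plain-text ones, or make the default an explicit choice rather than a side effect of declaration order.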
Bug#321413: All passwords are safed in cleartext!
Package: mypasswordsafe
Version: 0.0.20041004-2
Severity: critical

I have been using MyPasswordSafe for a long time. By accident I took a look at my default passwordsafe-file ~/.passwörter.xml and was scared because all passwords are saved in cleartext! No encryption!