On Mon, 17 Jun 2013, Thomas Lübking wrote:
Date: Mon, 17 Jun 2013 21:01:30 +0200
From: Thomas Lübking <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: [trojita] Re: Using QtKeychain
On Monday, 17 June 2013 18:20:37 CEST, Jan Kundrát wrote:
On Monday, 17 June 2013 14:41:16 CEST, Thomas Lübking wrote:
Wouldn't that render Trojitá "unusable" for "non-DE" users
(openbox or so), eventually even the "minor" ones (xfce, lxde)?
That depends on what "unusable" means.
Typing passwords for every account and time one starts Trojitá ;-)
Do you see it as a critical feature?
Using KDE: "not personally".
I however doubt I would use a MUA if I had to enter passwords for all logins
every time I start it.
That does not mean I'd endorse unencrypted PW storage.
This seems like familiar territory :-)
It's not the best way possible, but do you really want to drive away users
because of this? Does that really improve their security?
If you encrypt the file, you then have to worry about how you protect the
encryption key. It needs to either be stored in a file or hard-coded into the
app binary. Neither is good.
Frankly, for something like this, it does just about as much good to take some
text from the user, hash it, and xor the stored data with the hash as it does to
try to go with 'strong' encryption and then have to deal with all the problems
of managing the key.
David Lang
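
The hash-and-XOR scheme described in the message above, as an added example that is not part of the original post or of Trojitá's code. The choice of SHA-256, the counter used to cover data longer than one digest, and all names and sample values are assumptions made for illustration.

```python
import hashlib


def keystream(user_text: str, length: int) -> bytes:
    # Hash the user's text, then extend it with a counter so that data
    # longer than one digest can be covered (assumption, see lead-in).
    seed = hashlib.sha256(user_text.encode("utf-8")).digest()
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hashlib.sha256(seed + counter.to_bytes(4, "big")).digest())
    return b"".join(blocks)[:length]


def xor_with_hash(data: bytes, user_text: str) -> bytes:
    # XOR is its own inverse: the same call stores and recovers the data.
    return bytes(d ^ k for d, k in zip(data, keystream(user_text, len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed sample values, not taken from the thread.
USER_TEXT = "text the user types at startup"
IMAP_PASSWORD = b"imap-secret-0001"
SMTP_PASSWORD = b"smtp-secret-0002"

stored_imap = xor_with_hash(IMAP_PASSWORD, USER_TEXT)
stored_smtp = xor_with_hash(SMTP_PASSWORD, USER_TEXT)


def round_trip_ok() -> bool:
    # The key exists only while the user's text is in memory; no key file.
    return xor_with_hash(stored_imap, USER_TEXT) == IMAP_PASSWORD


def wrong_text_is_silent() -> bool:
    # No integrity check: a wrong text returns other bytes, not an error.
    return xor_with_hash(stored_imap, "wrong text") != IMAP_PASSWORD


def same_text_reuses_keystream() -> bool:
    # Records stored under the same text share a keystream, so XORing the
    # two stored blobs equals XORing the two plaintexts.
    return xor_bytes(stored_imap, stored_smtp) == xor_bytes(IMAP_PASSWORD, SMTP_PASSWORD)


if __name__ == "__main__":
    print(round_trip_ok(), wrong_text_is_silent(), same_text_reuses_keystream())
```

The last two checks are the properties to weigh when comparing this with a keychain-backed store: the stored data carries no way to detect a wrong text, and every record protected by the same text shares one keystream.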