URL:
<http://savannah.nongnu.org/task/?7395>
Summary: Passwords, aliases and.. encryption?
Project: Wee Enhanced Environment for Chat
Submitted by: smoppy
Submitted on: Friday 10/19/2007 at 09:25
Category: configuration file
Should Start On: Friday 10/19/2007 at 00:00
Should be Finished on: Wednesday 11/14/2007 at 00:00
Priority: 5 - Normal
Status: None
Privacy: Public
Percent Complete: 0%
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
IRC nick: claudio`
_______________________________________________________
Details:
I was playing a bit with the WeeChat aliases and i was wondering if would be
useful to have encrypted passwords. The answer is yes, to me. Clean passwords
are *never* a good thing, even if decryption is needed before send them. Also
i have to power off my monitor before run the "/alias" command in order to
hide my passwords from some alias i made (we won't presents our passwords to
spy users, right? :-)).
Another thing i think can be used is a new server-specified option which
include the password, possibly crypted (maybe with crypt(3) or encrypt(3)).
This can be accessed by providing a global variable (at least for the server
options and aliases). This approach can improve a bit the password management
on WeeChat since we only have to set the password (crypted) in one place and
then use the global variable to put it everywhere in the configuration. As
example, suppose the global variable is called "$svrpwd", the *_server_command
value may change from:
"/msg NickServ identify MyCleanPassword"
to a simple and "unspyable"
"/msg NickServ identify $svrpwd"
Now suppose we have to write the aliases "/ghost" and "/idchans". The 1st
which kill the ghost, change the nick and identify us again into the server,
the 2nd which identify us into every channel we are in list. Without encrypted
password (and consequently without $svrpwd global variable) the only way to do
this (exluding plugins) is to do something like this:
"/alias GHOST /msg NickServ ghost MyNickName MyPassword ; /nick MyNickName
; /msg NickServ identify MyPassword"
"/alias IDCHANS /msg ChanServ identify #MyChan1 MyPassword ; /msg ChanServ
identify #MyChan2 Mypassword ; .. ; and so on"
This way, everytime you get the aliases list by typing "/alias", everyone
hiding behind you (:D) can read your passwords.. easily.
This why i propose to add on WeeChat the following:
o Server option *_server_password_crypted;
o A global variable containing the value of the
this options (the crypted password)
It's implicit that the password have to be decrypted before use.
If you think a plugin can be a better solution, just ignore this item.
However such feature should be provided with the WeeChat core or with a
compilation option like "--encrypted-passwords" (which i don't like, really),
i think.
PS: sorry for my english and THX to provide us a good software as WeeChat
is.
Claudio M.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/task/?7395>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
_______________________________________________
Weechat-dev mailing list
Weechat-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/weechat-dev
