Full Disclosure mailing list archives
Re: Filezilla's silent caching of user's credentials
From: Andrew Farmer <andfarm () gmail com>
Date: Sat, 16 Oct 2010 11:35:07 -0700
On 14 Oct 2010, at 14:01, Jeffrey Walton wrote:
> If the encryption key stays on the same PC, there is absolutely no security in that. Given that this is open source, security through obscurity can't even start working (-> encrypting local files with a local key / using custom algo == security through obscurity).
>
> Linux [apparently] has not caught on to the fact that applications could use help in securing secrets. Microsoft has DPAPI and iOS has KeyChain (one of the bug reports stated about the same).

Kernel key management seems to be a step in the right direction: http://lwn.net/Articles/210502/

And FWIW, Keychain Services is mostly (all?) in userspace, so there's no reason a similar solution couldn't be implemented on Linux.