Subject: Re: Commit: Password dialog
From: Aaron Lehmann (aaronl@vitelus.com)
Date: Wed Oct 17 2001 - 13:40:33 CDT
On Wed, Oct 17, 2001 at 01:16:54PM -0400, Dom Lachowicz wrote:
> Hi guys,
>
> I just committed the password dialog for unix (non-gnome). I'll work on the
> gnome version shortly. Stubs exist for other platforms. Screenshot attached.
> I'll try and make it prettier in the near future, but it's not a high priority
Would you care to elaborate on the reason for this?
I admit that I haven't really been following the list, but my fear is
that this is for encryption, or even worse: DRM.
Encryption in itself isn't implicitly BAD, but it is hard to do
properly in a program not designed specifically with it in mind.
Preferably, passwords should be stored in secure (unswappable) memory.
If AbiWord does decide to implement encryption, I urge it not to take
an idiotic simple-XOR design that many other word processors have, but
to instead take the passphrase, run it through a one-way hash such as
MD5 (though MD5 is becoming deprecated), and use the hash result as a
key for a well-known, secure block cipher such as Blowfish, CAST5, or
3DES.
This archive was generated by hypermail 2b25 : Wed Oct 17 2001 - 13:40:42 CDT