Subject: Re: Commit: Password dialog
From: Alan Horkan (horkana@tcd.ie)
Date: Wed Oct 17 2001 - 17:35:13 CDT
On Wed, 17 Oct 2001, Aaron Lehmann wrote:
> On Wed, Oct 17, 2001 at 01:16:54PM -0400, Dom Lachowicz wrote:
> > Hi guys,
> >
> > I just committed the password dialog for unix (non-gnome). I'll work on the
> > gnome version shortly. Stubs exist for other platforms. Screenshot attached.
> > I'll try and make it prettier in the near future, but it's not a high priority
>
> Would you care to elaborate on the reason for this?
>
> I admit that I haven't really been following the list, but my fear is
> that this is for encryption, or even worse: DRM.
I remember the last thread about encryption
(abiword is not and encryption program, do one thing well etc. and anyone
who really cares about security as opposed to a glorified read only
password will use PGP/GPG etc)
> Encryption in itself isn't implicitly BAD, but it is hard to do
> properly in a program not designed specifically with it in mind.
> Preferably, passwords should be stored in secure (unswappable) memory.
If Microsoft Word users put passwords on their files then abiword needs a
password dialog to be able to open them.
> If AbiWord does decide to implement encryption, I urge it not to take
> an idiotic simple-XOR design that many other word processors have, but
from the last discussion, on encryption i trust the developers would block
any such move and most likely provide suitable hooks/integration for
dedicated encryption software.
> to instead take the passphrase, run it through a one-way hash such as
> MD5 (though MD5 is becoming deprecated), and use the hash result as a
> key for a well-known, secure block cipher such as Blowfish, CAST5, or
> 3DES.
Question:
is the password dialog generic enough to open password protected zip
files? (i know that currently abiword uses gzip, but im talking about if
and when abiword uses zip or gets a filter for Open Office)
This archive was generated by hypermail 2b25 : Wed Oct 17 2001 - 17:35:24 CDT