Re: Fetchmail and Gmail

To: debian-user@lists.debian.org
Subject: Re: Fetchmail and Gmail
From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
Date: Mon, 24 Aug 2009 11:09:52 -0500
Message-id: <[🔎] 200908241109.52747.bss@iguanasuicide.net>
In-reply-to: <[🔎] a4b9b8210908240505l732f4334m2f7bdd27d757bc23@mail.gmail.com>
References: <[🔎] alpine.DEB.1.10.0908171825190.4044@marvin.dhcp.hri> <[🔎] 20090824110155.GC28695@think.homelan> <[🔎] a4b9b8210908240505l732f4334m2f7bdd27d757bc23@mail.gmail.com>

On Monday 24 August 2009 07:05:18 Rob Gom wrote:
> I believe that storing passwords encrypted is always
> safer than storing them unencrypted.

Well, then you would be wrong.

I an unattended program can take the bytes stored in the inode(s) and send 
your password to your ISP then a program written by an attacker can take the 
same bytes and send your password back to the attacker.  Technically the 
password is not encrypted in this case, only obfuscated.

If your password requires getting a passphrase/key/whatever from you, it can't 
be used by non-interactive programs.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Reply to:

References:
- Re: Fetchmail and Gmail
  - From: Girish Kulkarni <girish@hri.res.in>
- Re: Fetchmail and Gmail
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Fetchmail and Gmail
  - From: Rob Gom <rgom.debian@gmail.com>

Prev by Date: Re: emacs23 in lenny-backports
Next by Date: Re: help for kernel panic
Previous by thread: Re: Fetchmail and Gmail
Next by thread: Re: Fetchmail and Gmail
Index(es):
- Date
- Thread