also sprach Miriam Ruiz <little_miry@yahoo.es> [2005.04.16.1610 +0200]: > ~/.cycle/username can be easily retrieved just using a > python's module and knowing the password. I wouldn't > like such sensitive data to be stored in plain text in > a file. Why the heck is it password protected anyway? It's already in the home directory, so ~/.cycle should be permission 700. And root can get at the data with or without password (just wait until you enter it, then get the data from memory). I understand it's somewhat personal data, but not really much more than your email and the like. Symmetric password encryption must die! -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! #define emacs eighty megabytes and constantly swapping.
Attachment:
signature.asc
Description: Digital signature