[Blink] Blink stores plain word passwords in its config file?

[Emil Ivov]

На 24.11.10 11:04, Dan Pascu написа:
>> While encrypting with a master password does not prevent users from
>> someone modifying the application, it still gives them protection in a
>> whole bunch of other scenarios like for example a stolen PC or  
>> remotely
>> stolen config files.
> 
> At the risk of repeating myself, if anyone is worried about lost/ 
> stolen computers they should encrypt their filesystem. Much safer and  
> simpler 

Well it is certainly not simpler for the user since they need to setup
the encryption while having blink encrypt passwords would require no
effort from users other than setting the master password.

As for safer, that's arguable. If an attacker gains access to a computer
after you booted it, file system level encryption won't be that much of
a problem.

> Not to mention that  
> you are asked for a master password to unlock it only once when you  
> boot, not for every application that stores sensitive data on the disk.

That's true when using keyring. Not if you implement application-level
encryption.

> None claimed that. My sole point is that these will only generate a  
> false sense of security without really improving anything. I would  
> rather have users aware of the issues 

Adding more security to an application does not imply you have to
advertise it as fool proof. Application developers could do their best
to protect user data in situations they can address and users could
still be made aware of the risks.

Cheers,
Emil