[Blink] Blink stores plain word passwords in its config file?

Juha Heinanen jh at tutpro.com
Wed Nov 24 11:01:22 CET 2010


Dan Pascu writes:

> It will not matter if the password is encrypted or not. All it takes  
> is a print in the blink code after blink has decoded the encrypted  
> password. The only way to prevent this is if the password is not  
> stored but blink asks for it every time, so you need the actual owner  
> to input it before it will be known. But even this will not guarantee  
> you security, since someone may stole it while blink is already  
> running or may not stole your system at all, but he will just modify  
> the software to log the typed password to a file.

dan,

looks like you didn't read my message carefully, because i tried to tell
the same points.  if password is not in config file, blink should ask
for it each time blink starts. that would protect the password unless
blink was running when the system was lost.

> If you're that worried about it being stolen/lost, you should encrypt  
> your filesystem anyway, because I guess you have much more sensitive  
> information on it that a sip client password.

i don't encrypt the whole filesystem, but just sensitive files.  now i
can only use blink with a demo account.

-- juha



More information about the Blink mailing list