[Blink] Blink stores plain word passwords in its config file?
dan at ag-projects.com
Wed Nov 24 15:58:54 CET 2010
On 24 Nov 2010, at 12:01, Juha Heinanen wrote:
> Dan Pascu writes:
>> It will not matter if the password is encrypted or not. All it takes
>> is a print in the blink code after blink has decoded the encrypted
>> password. The only way to prevent this is if the password is not
>> stored but blink asks for it every time, so you need the actual owner
>> to input it before it will be known. But even this will not guarantee
>> you security, since someone may stole it while blink is already
>> running or may not stole your system at all, but he will just modify
>> the software to log the typed password to a file.
> looks like you didn't read my message carefully, because i tried to
> the same points. if password is not in config file, blink should ask
> for it each time blink starts. that would protect the password unless
> blink was running when the system was lost.
Of course. Maybe I didn't convey my message clearly enough. Doing this
will help you in those cases but it is still powerless when someone
else has access to your computer and logs the password as soon as you
type it (by modifying the code). Unfortunately there is no foolproof
method that protects one in every possible case.
IMO, the simplest and most secure solution is to encrypt your
filesystem. You only type a master password once when you boot your
system, instead to type a master password for every application you
run. Plus it protects all your files not just a config file of a
More information about the Blink