[tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun May 1 17:32:58 UTC 2011
#3064: Vidalia stores ControlPassword as plaintext
--------------------------+-------------------------------------------------
Reporter: tornewbie | Owner: chiiph
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Vidalia | Version:
Resolution: wontfix | Keywords:
Parent: | Points:
Actualpoints: |
--------------------------+-------------------------------------------------
Changes (by rransom):
* status: new => closed
* resolution: => wontfix
Comment:
Replying to [comment:1 chiiph]:
> There's a lot of software that stores passwords in plain text. The idea
> is to set the file's permissions to be only readable by the owner, so that
> no one but the current user can read the file.
>
> I don't see any other solution than to save the password like this.

You could obfuscate the password like Firefox does. That way, users can't
tell that their vidalia.conf file is sensitive or recover their password
from it if they need to, but attackers can still recover the password
quite easily.

But given a choice between storing the password as plaintext and giving
users a false sense of security, The Tor Project's choice is plaintext.

Closing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3064#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
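
The mitigation discussed in the ticket (a plaintext secret protected only by owner-only file permissions) can be checked mechanically. The following is an added example, not part of the ticket and not Vidalia's code; it assumes a POSIX system, and the file contents and helper names are constructed for illustration.

```python
import os
import stat
import tempfile

def write_owner_only(path, data):
    """Create the file with mode 0600 from the start, so it is never briefly readable by others."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # a pre-existing file keeps its old mode unless reset
        os.write(fd, data)
    finally:
        os.close(fd)

def audit_secret_file(path):
    """Return a list of findings; an empty list means only the owner can access the file."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symlink")
        st = os.stat(path)  # continue the audit on the link target
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != os.getuid():
        findings.append("owned by uid %d, not the current user" % st.st_uid)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access bits set: %04o" % mode)
    return findings

def demo():
    """Audit a constructed config file before and after loosening its mode."""
    conf = os.path.join(tempfile.mkdtemp(), "vidalia.conf")
    # Constructed sample content; not Vidalia's real file layout.
    write_owner_only(conf, b"ControlPassword=constructed-sample-value\n")
    clean = audit_secret_file(conf)
    os.chmod(conf, 0o644)  # simulate a world-readable config
    loose = audit_secret_file(conf)
    return clean, loose

if __name__ == "__main__":
    print(demo())
```

An owner-only mode protects the file from other local accounts only; anything running as the same user can still read it.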