[Imapfilter-devel] Encrypted passwords

Lefteris Chatzibarbas lefcha at users.sourceforge.net
Wed Dec 12 18:11:44 EET 2001


On Wed, Dec 12, 2001 at 03:43:13PM +0000, Gabor Z. Papp wrote:
> * Lefteris Chatzibarbas <lefcha at users.sourceforge.net>:
> 
> | No.  IMAPFilter will use the (OpenSSL) libcrypto library, in order to
> | encrypt user's passwords using a (master) passphrase (this passphrase
> | must be given each time the program is executed).  The symmetric cipher
> | used is Blowfish (other algorithms may follow).
> 
> Why don't you choose a method where no additional passphrase needed?

Another method, such as?

One good reason to encrypt your passwords is that the machine you are
using is in a non-secure enviroment where someone (eg. a malicious person
or even root) can get access to the passwords that are stored in the
IMAPFilter configuration file.  No additional passphrase means that this
passphrase (master password) is stored somewhere.  In other words one can
get your encrypted passwords AND this passphrase, and decrypt the former.

Surely, this feature is not so useful if you run IMAPFilter from your
personal workstation at home.

_______________________________________________
Imapfilter-devel mailing list
Imapfilter-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/imapfilter-devel



More information about the Imapfilter-devel mailing list