[Imapfilter-devel] Encrypted passwords

Lefteris Chatzibarbas lefcha at users.sourceforge.net
Sat Dec 15 22:05:32 EET 2001


On Thu, Dec 13, 2001 at 02:22:27PM +0000, Gabor Z. Papp wrote:
> * Lefteris Chatzibarbas <lefcha at users.sourceforge.net>:
> 
> | This morning I came with a solution to this problem.  Basically,
> | IMAPFilter will have a daemon mode, where it will stay on the
> | background and poll repeatedly at a specific (user selected) interval.
> | In this way, the user has to enter his master password (assuming
> | that password encryption is enabled) only once and until IMAPFilter
> | is terminated no other user intervention will be necessary.
> 
> Host reboot, imapfilter starts again from a script, and
> hangs crying for a password.
> 
> Try find a method where no additional password needed, but
> the crypting is well enough for a light encryption. I bet
> freshmeat have a huge list of such tools.

The thing is that there is no way that IMAPFilter can get the master
password when the system reboots, except if it is somewhere in the
filesystem.  In this case, there is no encryption scheme and no
secure password storage.

If the master password is saved somewhere (if that is the meaning
of "light encryption") then the whole scheme is not -even a bit- more
secure than when you save the passwords in plain text in the configuration
file.

I know that it is annoying to enter this passphrase for IMAPFilter to
run, but you can't have security without the inconvenience.

_______________________________________________
Imapfilter-devel mailing list
Imapfilter-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/imapfilter-devel



More information about the Imapfilter-devel mailing list