[Imapfilter-devel] Encrypted passwords

Lefteris Chatzibarbas lefcha at users.sourceforge.net
Mon Dec 17 22:25:22 EET 2001


On Sat, Dec 15, 2001 at 08:32:22PM +0000, Gabor Z. Papp wrote:
> * Lefteris Chatzibarbas <lefcha at users.sourceforge.net>:
> 
> | If the master password is saved somewhere (if that is the meaning
> | of "light encryption") then the whole scheme is not -even a bit- more
> | secure than when you save the passwords in plain text in the configuration
> | file.
> 
> No. I mean "light encryption" that can be cracked with a
> little work, but the work is too hard compared to the
> results. You can decrypt the encrypted file and get the
> password, but it cost a lot of cpu power and time, so better
> don't deal with it for a simpley mail password.

A part of cryptography (including the secure password storage protocol) is
based on the fact that it costs a lot of cpu power and time to find the
password (eg. using a 128bits key, with brute-force attack, 2^128 different
keys must be tried).  By the term "light encryption" (as I understand it)
you are reffering using a smaller key, which does not get rid of the "hassle"
of entering the master password, but just weakens the security.

_______________________________________________
Imapfilter-devel mailing list
Imapfilter-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/imapfilter-devel



More information about the Imapfilter-devel mailing list