lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 14 Oct 2010 17:46:13 +1100
From: silky <michaelslists@...il.com>
To: Christian Sciberras <uuf6429@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Mutiny <mutiny@...inbeardsucks.com>
Subject: Re: Filezilla's silent caching of user's
	credentials

On Thu, Oct 14, 2010 at 5:39 PM, Christian Sciberras <uuf6429@...il.com> wrote:
> > Not all attackers are created
> > equally.
>
> I still see this a simple matter of violating KISS to introduce a layer of encryption.
> The question is, to which end? Sure, an attacker might see the encrypted
> file and think it's "too difficult" for him to get to the passwords. Another
> might use a certain utility to decrypt the said file. The thing is, to which end are
> we encrypting the data? Just for the sake of making it work like the N other programs?
> I mean, if this doesn't *work*, why even *bother*?

Sorry, but your comments are totally useless here and can't even
really be addressed properly, given their quite ridiculous nature. You
are missing the point of the encryption, and it is not my job to
convince you, and any further comments with anyone other than the
developer are useless.


> > There is no question here. There is no discussion. It should be done,
> > and if it is not, password saving should be stopped in FileZilla or an
> > alternative program should be sought. It's that simple.
>
> Great. If it's so simple that it can be done in under 10 mins, go complain
> to them.

This email thread *is* a direct complaint to them, after bugs have
been closed for years. I didn't start this thread. Do you even
understand what is going on here? Your emails suggest you do not.


> Cheers,
> Chris.


-- 
silky

http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists