Bug 357473 - please remove signons.txt password obfuscation
Product: Toolkit
Classification: Components
Component: Password Manager
Assigned To: Nobody; OK to take it and work on it
: Matthew N. [:MattN]
Reported: 2006-10-20 23:50 PDT by Robert Millan
Modified: 2008-07-31 04:30 PDT


Description Robert Millan 2006-10-20 23:50:43 PDT
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; ca; rv: Gecko/20060830 Firefox/ (Debian-1.5.dfsg+
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; ca; rv: Gecko/20060830 Firefox/ (Debian-1.5.dfsg+

Please remove password obfuscation from signons.txt.  It is annoying and useless.

Rationale copied from

Obscure a password. This means we do something to store the password in some format other than plain text, but we automatically convert it for you. This is security by obscurity, and is a Very Bad Thing™ in that it gives users a false sense of security. A false sense that we (Gaim developers) believe would be worse to have than to let informed users deal with the password issue themselves. Consider that a naive user might think that it is safe to share his or her accounts.xml, because the passwords are "encrypted".

Reproducible: Always
Comment 1 Jo Hermans 2006-10-21 07:51:09 PDT

For the base64-decode (when no master password is used), I agree. But we shouldn't make it too easy for spyware to grab the password either. 

How about making the master password mandatory?
Comment 2 Robert Millan 2006-10-21 12:53:26 PDT
Having to type a master password is something I'd find much more impractical than copying passwords (my passwords tend to be 32-byte random alphanumeric and I almost never type them manually) from the GUI tab by hand.

In my system only trusted eyes are able to see my signons.txt, but I understand that you want to support insecure systems with malware too.  Can we find a solution that satisfies both situations?  Obfuscating only provides a false sense of security and malware can get over that easily.  I'm not familiar with master passwords; are these used to encrypt the data?  Perhaps you could encourage them (especially in insecure systems), but still provide a way for expert users not to use them?

Comment 3 Jesse Ruderman 2006-10-21 16:01:46 PDT
Yes, master passwords are used to encrypt stored web site passwords.
Comment 4 Justin Dolske [:Dolske] 2007-06-01 11:49:10 PDT
It doesn't make sense to me to deliberately make things plaintext, even though obscuring entries technically doesn't provide much security.

But security aside, the reason they're like this is that all the code follows a common path. The entries are encrypted with a key from key3.db, and that key may-or-may-not be protected with a master password. Not encrypting anything would result in two separate code paths, which would double testing requirements and generally just not make sense.
Comment 5 Mike Connor [:mconnor] 2007-08-06 03:46:43 PDT
Agreed.  Adding a no-encryption codepath seems like a losing proposition to me.

This has nothing to do with security through obscurity, and everything to do with keeping the codepaths simple.
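
A model of the design described in comments 3 and 4, added here as an example and not Firefox's own code: a single encrypt/decrypt path, with the storage key wrapped under a master password that may be empty. The HMAC keystream is a toy stand-in for a real cipher, and every function name and the record layout are assumptions, not the signons.txt or key3.db formats.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Toy keystream from HMAC-SHA256 in counter mode (assumption: stands in for a real cipher).
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or corrupted record")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def _kek(master_password, salt):
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000)

def new_key_store(master_password=""):
    # Hypothetical key-store record: a random storage key wrapped under the master password.
    salt, storage_key = secrets.token_bytes(16), secrets.token_bytes(32)
    return {"salt": salt, "wrapped": seal(_kek(master_password, salt), storage_key)}, storage_key

def save_login(storage_key, password):
    return seal(storage_key, password.encode())

def load_login(key_store, entry, master_password=""):
    # Same path in both cases; only the password fed to the key unwrap differs.
    storage_key = unseal(_kek(master_password, key_store["salt"]), key_store["wrapped"])
    return unseal(storage_key, entry).decode()

def readable_from_files_alone(key_store, entry):
    # What anyone holding both files recovers without knowing a secret.
    try:
        return load_login(key_store, entry, "")
    except ValueError:
        return None

if __name__ == "__main__":
    for mp in ("", "constructed master password"):  # constructed sample values
        store, key = new_key_store(mp)
        entry = save_login(key, "constructed-site-password")
        print(repr(mp), "->", readable_from_files_alone(store, entry))
```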
