severity 321413 wishlist retitle 321413 All passwords stored in XML and TXT are saved in cleartext! thanks
On Fri, Aug 05, 2005, Jan wrote: > I am using MyPasswordSafe for a long time. By accident I took a look to > my default passwordsafe-file "~/.passwörter.xml" and was scared because > all passwords are safed in cleartext! No encryption! Yes, it is cleartext for XML and TXT as warned in the manual, and when you "save as..." (UNENCRYPTED). Here is an extract from /usr/share/doc/mypasswordsafe/html/manual.html >>> <p>Password Safe is a similiar to MyPasswordSafe, but runs only on Windows. Files created by Password Safe can be opened by MyPasswordSafe and vice-versa. The files are encrypted using the Blowfish algorithm, and are presumed to be secure. Use <i>dat</i> for the extension. </p> <p>Text files should <b><font color="red">NEVER</font></b> be used. All information is stored unencrypted. If you find them useful, go ahead and use them. </p> <a href="#top">Back to top</a> <<< I set the severity to wishlist, as it may be useful (you may know better than me) to also encrypt xml and txt files. Maybe Khalid will want to close it, as this is documented. -- adn Mohammed Adnène Trojette
