On Thu, Dec 18, 2014 at 02:09:24PM +0000, Stuart Henderson wrote: > On 2014/12/18 13:40, John Long wrote: > > On Thu, Dec 18, 2014 at 01:30:23PM +0000, Stuart Henderson wrote: > > > On 2014/12/18 12:38, Christian Weisgerber wrote: > > > > On 2014-12-17, Stuart Henderson <st...@openbsd.org> wrote: > > > > > > > > > claws-mail uses encrypt() for password obfuscation in the saved config > > > > > file (.claws-mail/accountrc), which was removed from libc. > > > > > > > > > > So an alternative diff below. It isn't particularly nice but does > > > > > unbreak the port... Does anyone have a better idea? > > > > > > > > Doesn't changing the obfuscation, including removing it, mean that > > > > a user's saved passwords are now lost? > > > > > > Yes. > > > > This could be very problematical since Claws doesn't offer the user a way to > > view the password they saved and there is no warning when you type one in > > that it's a one-way deal. I know of at least one person who didn't save his > > email account passwords elsewhere, figuring Claws would surely allow him to > > view/edit them later. He had to patch the code to spit out all the decrypted > > passwords <big stupid grin> > > https://github.com/b4n/clawsmail-password-decrypter
I patched my copy to write out a file of userids and passwords but that would have been nice if it existed at the time. > > > > I suppose the other option would be to add the removed DES code as a > > > patch in the port.. > > > > I see no valid reason for encrypting them in the first place and would be > > happy for this feature to go away transparently. But if you fixup > > accountrc that would break Claws on other platforms when trying to import an > > accountrc from OpenBSD with unencrypted passwords. That would be A Bad > > Thing. > > That's already the case with FreeBSD. No further objections, Your Honor ;-) /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary / \ http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
