Privacy and passwords

Josh Sled jsled at asynchronous.org
Thu Mar 6 10:25:13 EST 2008


Andrew Sackville-West <andrew at swclan.homelinux.org> writes:
> On Thu, Mar 06, 2008 at 08:55:34AM -0500, Josh Sled wrote:
>> David Lee Lambert <lamber45 at msu.edu> writes:
>> > That said, it should be easy to implement for the XML file. Right now, the 
>> > GNUcash file is compressed XML with a "gnc-v2" root element.  Someone could 
>> > define a new "gnc-v2-encrypted" element with "algorithm" and "salt" 
>> 
>> This is more complex than just encrypting the whole file, as `gpg -c
>> $datafile` would do.  If someone wanted to implement encryption, a symmetric
>> approach using a "libgnupg" or something would probably be reasonable; it
>> could prompt for the passphrase on file open/save.
>
> and cache the passphrase, or else prompt at every auto-save... and
> what about log files? one may want to encrypt custom reports and other
> bits of .gnucash or else you'll be providing strings that are
> guaranteed to be in the data file, which IIUC help in decryption
> efforts.

It might help a known-plaintext attack of Actual Cryptanalysis™, but that's
almost never the way these things are broken.  Getting the key from a
keylogger or memory, or subverting the library, or something far simpler.

http://www.youtube.com/watch?v=JDaicPIgn9U

-- 
...jsled
http://asynchronous.org/ - a=jsled; b=asynchronous.org; echo ${a}@${b}