Privacy and passwords
Andrew Sackville-West
andrew at swclan.homelinux.org
Thu Mar 6 14:03:04 EST 2008
On Thu, Mar 06, 2008 at 10:25:13AM -0500, Josh Sled wrote:
> Andrew Sackville-West <andrew at swclan.homelinux.org> writes:
> > On Thu, Mar 06, 2008 at 08:55:34AM -0500, Josh Sled wrote:
> >> David Lee Lambert <lamber45 at msu.edu> writes:
> >> > That said, it should be easy to implement for the XML file. Right now, the
> >> > GNUcash file is compressed XML with a "gnc-v2" root element. Someone could
> >> > define a new "gnc-v2-encrypted" element with "algorithm" and "salt"
> >>
> >> This is more complex than just encrypting the whole file, as `gpg -c
> >> $datafile` would do. If someone wanted to implement encryption, a symmetric
> >> approach using a "libgnupg" or something would probably be reasonable; it
> >> could prompt for the passphrase on file open/save.
> >
> > and cache the passphrase, or else prompt at every auto-save... and
> > what about log files? one may want to encrypt custom reports and other
> > bits of .gnucash or else you'll be providing strings that are
> > guaranteed to be in the data file, which IIUC help in decryption
> > efforts.
>
> It might help a known-plaintext attack of Actual Cryptanalysis™, but that's
> almost never the way these things are broken. Getting the key from a
> keylogger or memory, or subverting the library, or something far simpler.
>
> http://www.youtube.com/watch?v=JDaicPIgn9U
nice link. thanks. Pretty amazing stuff, really.
A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.gnucash.org/pipermail/gnucash-user/attachments/20080306/94f6fc2c/attachment.bin
More information about the gnucash-user
mailing list