[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?

R Losey rlosey at gmail.com
Wed Sep 11 17:04:50 EDT 2024


On Wed, Sep 11, 2024 at 10:47 AM Chris Green <cl at isbd.net> wrote:

> On Wed, Sep 11, 2024 at 10:06:05AM -0500, R Losey wrote:
> > On Wed, Sep 11, 2024 at 9:56 AM Fred Bone <Fred at mandfb.me.uk> wrote:
> >
> > > On 10 September 2024 at 14:09, R Losey said:
> > >
> > > > Well, but think about it... after the password is entered, THEN what? The
> > > > "correct" password would have to be stored somewhere so that GnuCash could
> > > > verify what is entered is correct, and clearly saving the password in
> > > > clear text is not secure. Because the software is open source, anyone
> > > > could read the steps taken to secure the password, and that would be a
> > > > huge help in breaking the password.
> > >
> > > Clearly you don't know anything about how password protected files are
> > > handled.
> > >
> > > The password is NOT stored anywhere. It doesn't need to be. So there is
> > > no code taking "steps to secure the password".
> > >
> > > The program doesn't need to "verify what is entered is correct", beyond
> > > attempting to use it to decrypt the data. That either works or it
> > > doesn't.
> > >
> >
> > It's certainly possible that I am lacking knowledge... I was thinking of
> > the *nix passwords which are (used to be) stored in encrypted form in the
> > /etc/passwd file.
> >
> No, they're not.  What's stored is the result of applying an algorithm
> to the password you supply.  So, you enter a password, the password is
> 'scrambled' by the password checking software and, if the resulting
> scramble matches your entry in the password file (actually the shadow
> file nowadays) you can log in.
>
> In reality it's even a bit more complicated than this, but anyway the
> password isn't stored in any way.
>

Your last sentence gave me a laugh; it directly contradicts your previous
paragraph: "What's stored is the result of applying an algorithm to the
password you supply" -- so the password IS stored in some encrypted fashion
-- at the very least something related to the password is indeed stored.
I've often thought that they may use the password itself as the encryption
hash to encrypt the password, and that would make it (I think) pretty hard
to break, even knowing the algorithm.

-- 
_________________________________
Richard Losey
rlosey at gmail.com
Micah 6:8

