On 2015-07-26 17:35, Anton Aylward wrote:
> On 07/26/2015 09:37 AM, Carlos E. R. wrote:
>> Fetchmail stores the passwords in a plain text file, which is only protected by the Linux user password while the system is running. A laptop can be stolen and the passwords simply read from the disk.
>
> The 'inventor' of fetchmail says <quote src="http://www.catb.org/esr/writings/homesteading/cathedral-bazaar/ar01s09.html">
>
> Another lesson is about security by obscurity. Some fetchmail users asked me to change the software to store passwords encrypted in the rc file, so snoopers wouldn't be able to casually see them.
>
> I didn't do it, because this doesn't actually add protection. Anyone who's acquired permissions to read your rc file will be able to run fetchmail as you anyway—and if it's your password they're after, they'd be able to rip the necessary decoder out of the fetchmail code itself to get it.

Well, that's true. You need a mechanism that asks the user to type a master password to decrypt the stored passwords.

> </quote>
>
> Well, yes, having .fetchmail on an encrypted partition is a second order pseudo-secret. When you are logged in and active that partition is "unlocked" so you can use it.

Not exactly, because you need to enter a password to open the partition at some point.

-- 
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))
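
An added example, not part of the original message or of fetchmail's own code: a small audit that reports which entries in a fetchmail run control file keep a password on disk and whether the file is readable by group or others, the two exposures discussed in the thread. The sample file, host names and function names are constructed for illustration; entries without a stored password are the ones for which fetchmail has to obtain it elsewhere, for example by prompting.

```python
import os
import shlex
import stat
import tempfile

PASSWORD_KEYWORDS = {"password", "pass"}   # fetchmail accepts both spellings
USER_KEYWORDS = {"user", "username"}
SERVER_KEYWORDS = {"poll", "skip", "server"}

# Constructed sample: one entry stores its password, the other omits it.
SAMPLE_RC = '''# constructed sample, not a real account
poll pop.example.org protocol pop3 user "alice" password "not-a-real-secret"
poll imap.example.net protocol imap user "bob"
'''

def audit_fetchmailrc(path):
    """Return (private, servers): private is True when group/other have no
    access; servers lists the entries that keep a password in the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    private = (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
    with open(path, encoding="utf-8") as fh:
        lexer = shlex.shlex(fh.read(), posix=True)
    lexer.whitespace_split = True          # split on whitespace, honour quotes
    tokens = list(lexer)                   # '#' comments are dropped by shlex
    servers, current, i = [], None, 0
    while i < len(tokens):
        word = tokens[i].lower()
        if word in SERVER_KEYWORDS and i + 1 < len(tokens):
            current = tokens[i + 1]
            i += 2                         # skip the server name
        elif word in USER_KEYWORDS:
            i += 2                         # skip the value, even if it is "pass"
        elif word in PASSWORD_KEYWORDS and i + 1 < len(tokens):
            servers.append(current)
            i += 2                         # skip the secret; it is never returned
        else:
            i += 1
    return private, servers

def demo(mode):
    """Write the constructed sample with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "fetchmailrc")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_RC)
        os.chmod(path, mode)
        return audit_fetchmailrc(path)

if __name__ == "__main__":
    print(demo(0o644))
    print(demo(0o600))
```

A private mode only addresses other local users on a running system; it does not change what can be read from a stolen, unencrypted disk.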