"Having our passwords in plaintext is more secure than obfuscating them precisely because, when a user is not misled by a false sense of security, he is likely to use the software in a more secure manner."
I'm sorry but this is bullshit. The reason for the (admittedly weak) obfuscation is to keep out the casual snooper, e.g. your little brother or sister who shares the family computer. It's not meant to keep out a skilled cracker, nor to protect those savvy enough to think about these issues.
Why do we geeks tend to only think about things from our perspective? I think we should coin a phrase for it. Maybe the myth of the "sufficiently smart user".
It's a tradeoff. "dumb user and smart attacker" vs "smart user and dumb attacker". Most users' assessment of security is "Could I break it?" which isn't a very good standard in terms of protecting against even a slightly savvy sibling who can download one of the programs mentioned.
You've missed an entire class of users. Believe it or not there are people who know nothing. Literally. They don't understand that when they save their password it's stored on their disk. They don't understand what a disk is, and they don't understand what a file is. They don't have the luxury of even thinking "could I break it", they are completely oblivious to the risks or how any part of the system works. A computer is like a television to these people. A black-box appliance.
I was baffled but there are people out there - not senior citizens but 20 year olds - that really don't understand or care to understand any of that stuff. It's a magic box to them. They have no idea chat histories are stored on disk even though they see them in MSN. The fact that they have logged in makes them think no one else can see them. Likewise the fact that their saved password is stored is over their head unless someone explains it to them. Not everyone has someone to tell them these things.
Yay for OSX, with nearly every app using your keychain (TDES encryption). Centrally integrated, secure password storage should be standard in OSes by now, as trusting every app (or website, without something like OpenID) to store your password securely is ludicrous. That's like expecting every programmer to be a security expert, and to make bug-free software (hint: HAHAHAHAH).
"Having our passwords in plaintext is more secure than obfuscating them precisely because, when a user is not misled by a false sense of security, he is likely to use the software in a more secure manner."...
...is completely laughable. I'd be willing to bet that the VAST majority of Pidgin users have no idea that their passwords aren't stored securely. To make matters worse, I don't recall Pidgin ever warning me that its storage was insecure, so they're not even trying to educate their users.
And TrueCrypt is an awesome concept + tool. Gotta love the ability to have an entire hard drive look like it's just random data. You can't get much better security than that, as you can deny there's anything there, and "they" don't even know where to begin.
"anyone with physical access to your PC" if that's the criterion, none of the proposed remedies really help. Someone with physical access to your machine or the ability to run privileged code will very likely get your passwords despite the quality of your Firefox master password.
Secure yourself by using secure habits (like locking your screen when you're away) and using strong passwords and then storing them somewhere.
A determined attacker with physical access to your system is basically impossible to stop. There are a myriad of ways they can figure out your password or log your keystrokes or memory to find it.
I feel that the real value in passwords is in securing network communications. In that case you simply need to be sure the protocol is secure and does not send the password over the wire (or air) in plain text or an easily extractable format.
The chance of someone trying to brute force your online accounts or sniffing your network traffic is much more likely than someone sneaking into your office and booting your desktop from a live CD. So I would rather have a very strong network password and a reasonably weak password manager passwords than not store my passwords and thus feel the pressure to make my online passwords easy to remember.
And this is a solved problem: if you don't want people analyzing your preference files and/or caches, put at least one layer of encryption between the two. All modern OSes support encrypting your home directory, and most of them also support encrypting your hard drive in its entirety. In either case, physical access becomes pretty useless.
I think we're talking about different definitions of "physical access"--you're probably meaning "being able to type on the keyboard and have the computer respond," while I just mean "being able to grab the HD and run." Encryption protects you from physical espionage as long as the computer is off, and they have to turn it on (and encounter the passphrase dialog.) Encryption doesn't protect you when it has already been unlocked, of course.
Yes, you're talking about a definition of 'physical access' you just made up in order to salvage your argument, while everyone else (including the original article) is using the commonly understood one of... well, having physical access to the computer.
That will appear in plain text in your terminal history file. And, if you are on a multi-user machine, even non-privileged users will be able to see your command line.
You should never put any password or private key on a command line (any command line, not just in your terminal). Instead, use the unix-standard getpass function or its equivalent in your language/library of choice.
You can just run md5 alone and pass "qwerty http://www.facebook.com<Enter><Ctrl-D>" at its stdin. And it's less to type too. (That Ctrl-D at the end is to signal end of stream.)
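As an added illustration of the last two comments (not code from the thread or from Pidgin), here is a small script that keeps the master password off the command line: only the site URL is an argument, the secret comes from getpass on a terminal or from the first line of stdin otherwise, and the md5-over-"master site" derivation is the one the thread describes. Function names and the `reader` hook are my own.

```python
"""Derive a per-site password without putting the master password in argv.

Added example, not from the thread. Argument values never reach the shell
history file or `ps` output; the secret is read from a no-echo prompt or stdin.
"""
import getpass
import hashlib
import sys


def derive_site_password(master: str, site: str) -> str:
    """md5 hex digest of "<master> <site>", the scheme discussed above.
    Note: md5 is fast and unsalted, so a proper KDF would resist guessing
    of the master password far better; kept here to match the thread."""
    return hashlib.md5(f"{master} {site}".encode("utf-8")).hexdigest()


def read_master(reader=None) -> str:
    """Return the master password.

    - `reader` (hypothetical hook for tests) wins if given.
    - On a terminal, getpass prompts with echo off and writes nothing to history.
    - Otherwise read one line from stdin (the commenter's <Enter><Ctrl-D> variant).
    """
    if reader is not None:
        return reader()
    if sys.stdin.isatty():
        return getpass.getpass("Master password: ")
    return sys.stdin.readline().rstrip("\n")


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} SITE-URL  (password is prompted, never an argument)",
              file=sys.stderr)
        return 2
    site = argv[1]                      # only the non-secret part is an argument
    master = read_master()
    print(derive_site_password(master, site))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python derive.py http://www.facebook.com` and type the master password at the prompt; nothing secret appears in `~/.bash_history` or in the process list.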