Hacker News new | comments | ask | show | jobs | submit login

Absolute money quote: "As far as the password storage goes, you are not up-to-date. They are stored base64-encoded now."



There's the argument that if someone has access to the passwords then they've already got enough control over the computer to do whatever other damage they like - like reading them out of memory after they're decrypted.

Base64 at least provides some protection against somebody looking at it with their eyes and memorizing them, which is perhaps a more likely scenario - family members, kids, etc.


Base64 provides no protection from malware that infects your machine and actively looks for this kind of stuff. Stored passwords from websites, ftp programs, key safes, etc.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: