Author Topic: 2 passwords?  (Read 1724 times)

0 Members and 1 Guest are viewing this topic.

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12949
    • View Profile
2 passwords?
« on: April 13, 2002, 08:46:21 AM »
I think to give &RQ the ability to manage 2 distinct passwords.
They will be the same until the user decide to change them.
This will be an option for people who wants a deeper protection.

One is the password server-side, that has to be fully saved to be passed to the server, thus insecure cause with-no-key encrypted on disk.

The second one is a password use for encryption. We would use it to encrypt the password1, history, and anything else.
This can be saved in an HASHED way, such as MD5.
So that people cannot retrieve it also if they steal our hard disk :)
And also password1 would be secure.

Right now our passwords are saved with no key. There will be a simple decrypt software out there when i release sources, maybe.

I think it is a good idea, but not sure yet about bad effects.

Please comments.