Loading ...
Sorry, an error occurred while loading the content.

48618Re: encrypt/decrypt functions for a session

Expand Messages
  • Charles E. Campbell, Jr.
    Dec 3, 2007
      Matt Wozniski wrote:

      >On Dec 3, 2007 2:05 PM, Charles E. Campbell, Jr. wrote:
      >
      >
      >>Assuming that I have an encrypt/decrypt function pair, the pid could be
      >>used as a single-session p/w that would be transparent to the user. I
      >>don't see any point in saving a ftp password but requiring the user to
      >>enter some other password to make the ftp password available. Such
      >>things as recording the hundredth of a second that vim/gvim started
      >>along with the pid would act as an improved session-only password.
      >>
      >>
      >
      >Sure, I understand that you could use it as a key to encrypt the
      >password, but what I'm really asking is what you gain from that. Is it
      >really more secure to have an encrypted string and its decryption key
      >stored in memory than it is to have an unencrypted string in memory?
      >Particularly on an open-source project where anyone who wants to can
      >view your source code?
      >
      >

      Where's the part where I said I'd store the session pid in some
      variable? Something like getpid() would be called during
      encrypt/decrypt, not stored.

      Chip Campbell


      --~--~---------~--~----~------------~-------~--~----~
      You received this message from the "vim_dev" maillist.
      For more information, visit http://www.vim.org/maillist.php
      -~----------~----~----~----~------~----~------~--~---
    • Show all 33 messages in this topic