[Design] On encrypting passwords
mimi at osafoundation.org
Thu Mar 22 08:54:13 PST 2007
Do any non-Windows / non-Apple apps use the OS keychain? As in, is
there a reason we can't use the OS keychain?
On Mar 22, 2007, at 9:41 AM, Grant Baillie wrote:
> On 22 Mar, 2007, at 09:34, Mimi Yin wrote:
>> Hi Heikki,
>> How does this relate to OS keychains? How do Outlook, Apple Mail
>> and Thunderbird encrypt your passwords? or do they?
> I can answer some of these (dunno about Outlook).
> - This is unrelated to OS keychains (i.e. doesn't use them in any
> - Apple Mail uses the OS keychain for password encryption. So does
> - Thunderbird has its own password encryption feature. So does
> Firefox. I don't think the two share any data, but I could be wrong.
>> On Feb 20, 2007, at 3:33 PM, Heikki Toivonen wrote:
>>> Chandler has the ability to remember passwords, and many high
>>> programs (e.g. Firefox) that have this ability can encrypt these
>>> Doing encryption/decryption like this traditionally requires the
>>> user to
>>> set a master password. The master password is never stored on
>>> disk, it
>>> will be asked from the user on demand, and may be remembered in
>>> until program shutdown or timeout.
>>> I think we need to provide some level of encryption support in
>>> timeframe. For example, I think our users should be able to
>>> submit their
>>> repositories to us for debugging purposes without us learning their
>>> Do we want to default to requiring a master password to encrypt and
>>> decrypt the other passwords?
>>> Or do we start unencrypted, offer a "encrypt" checkbox in the
>>> dialog, and also when making a repository backup/dump? (I think I am
>>> slightly in favor of this.)
>>> Do we want to provide encrypting arbitrary items/attributes? (I
>>> worry about this until after Preview.)
>>> Do we want to protect the passwords in memory? I must point out that
>>> this would be quite a bit of work, and it is not certain we could
>>> cover all cases (passing password strings into libraries we may
>>> not have
>>> control over, for example). This would involve things like: clear
>>> master password on timeout, never store the other passwords in clear
>>> text except for the moment when they are needed, zero out the actual
>>> bits in memory once done, prevent password memory from being swapped
>>> out, etc. (I wouldn't worry about passwords in memory myself.)
>>> Please note that Chandler already supports encrypting the entire
>>> repository. An alternative on some operating systems is to ask
>>> the OS to
>>> encrypt the disk/directory where the repository is.
>>> Another thing to note is that many OSes provide password safes of
>>> own with naturally platform specific APIs. I am not suggesting we
>>> try to
>>> hook up with these in Preview timeframe.
>>> Reply-to set to design.
>>> Heikki Toivonen
>>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>>> Open Source Applications Foundation "Design" mailing list
>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> Open Source Applications Foundation "Design" mailing list
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> Open Source Applications Foundation "Design" mailing list
More information about the Design