r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[Core] Discuss core issues

Henrik
20-Sep-2009
[14762]
I've wondered how useful it is not to store the password itself, 
but encrypting each keypress instead on top of the last keypress.
Maxim
20-Sep-2009
[14763]
know that I understand that ultimately there is no method to hide 
any data.
Gabriele
20-Sep-2009
[14764]
I mean that thing that humans have that's called "memory".
Maxim
20-Sep-2009
[14765x2]
yes ...  and it forgets   ;-)
I have a record right now of 67 passwords I have to remember... I 
mean I can't remember all of them.
Gabriele
20-Sep-2009
[14767x4]
right, so you have two options: you make sure noone can access your 
files (like you make sure noone can access your credit card), or 
you make sure you don't forget.
I do remember dozens of passwords, but this is not the point. Now 
you're talking about a different thing, which is a password manager.
A password manager encrypts all your passwords using a single password 
that you have to remember. so you remember just one.
In decent operating systems, that is standard with the OS, so what 
your app does is just communicate with the password manager and store 
passwords there.
Maxim
20-Sep-2009
[14771]
yep, but it can be broken, just like any other system, cause it, 
like any system has to store those passwords somewhere.
Gabriele
20-Sep-2009
[14772x3]
as long as the master password is not stored anywhere... you are 
safe.
No, it does not have to store the master password anywhere.
You need at least one password you don't store; otherwise, you can 
only try to keep your files out of anyone else hands.
Maxim
20-Sep-2009
[14775]
true
Gabriele
20-Sep-2009
[14776x2]
And, this is not a problem that *your* app has to solve. It is just 
wasted time for you. Either you make use of a password manager, or 
just use obfuscation.
I'd just use encloak with some random text. If you think it's easy 
enough to get a system specific key, you might do that, but I don't 
know if users will be happy to find out that their passwords don't 
work anymore when they upgrade their PC or move to another computer.
Maxim
20-Sep-2009
[14778x2]
its for a client app... so its not a big issue... its only so the 
software remembers the login for subsequent calls to the server... 
just like all the browsers & OS "do you want   xxxxxx   to remember 
this password"
I'll use real encryption (using command)
Gabriele
20-Sep-2009
[14780]
Right, and do you think that the browsers are secure, or use a secret 
algorithm for that? :)
Maxim
20-Sep-2009
[14781]
its a choice I make.  and I know every single piece of data on my 
computer is vulnerable.
Gabriele
20-Sep-2009
[14782x2]
using real encryption does not make any difference... but anyway.
that is what I'm saying... so why waste time with some complicated 
scheme to store the password?
Maxim
20-Sep-2009
[14784x2]
I mean Gabriele, no system in the world is ultimately secure.  The 
point is only to make it unfeasible.
cause its going to be requested from every user the first time they 
have to "re-login"  ;-)
Gabriele
20-Sep-2009
[14786x5]
I don't think my point is clear...
I'm saying that it's a waste of time to try to make it "more secure"
or "more unfeasible"
just use encloack and obfuscate it so that it does not jump to the 
eyes.
if someone *wants* to get your password they will get it. so why 
bother?
Maxim
20-Sep-2009
[14791x2]
to make the client happy (the one paying for the application  ;-)
I mean paying me to build it... not the end-user ... ;-)
Gabriele
20-Sep-2009
[14793]
is the client paying you to use a machine specific id and some secret 
encryption scheme?
Maxim
20-Sep-2009
[14794x3]
he'll want the stored password  toat least require effort and thus 
a real cracker to break the binary. 


this feature will be added later, if ever, it wont for initial public 
release specifically for the reasons you talk about and which I already 
had the same conclusions.
toat = to at
this discussion just re-inforces my POV wrt not including the password 
save feature for now.
Gabriele
21-Sep-2009
[14797]
what does you make presume that he'll want that? and, what does "real 
cracker" mean?
Graham
30-Sep-2009
[14798x2]
What's the quick way of getting the root directory ?

This seems tortuous 

rootdir: to-file rejoin [ "/" second parse/all what-dir "/" "/" ]
copy/part what-dir 3

is shorter
BrianH
30-Sep-2009
[14800]
On Windows: read %//
Graham
30-Sep-2009
[14801x2]
sorry ... I meant I want %/c/   ... and not read the directory
ie. want the path
BrianH
30-Sep-2009
[14803x2]
Then your second method is best, unless you are on a UNC path, then 
try this: copy/part find/tail next what-dir "/"
Sorry, this:
rootdir: copy/part rootdir: what-dir find/tail next rootdir "/"
Sunanda
30-Sep-2009
[14805]
Does this do it?
    clean-path %//
BrianH
30-Sep-2009
[14806x3]
It should. It does on R3. Let me try it on R2.
Yup. On R3 it's slower though, sincee clean-path is mezz.
On R3 the fastest way is this: head clear find/tail next what-dir 
"/"
Graham
30-Sep-2009
[14809x2]
http://rebol.wik.is/Cheyenne/Upload-file.rsp
don't think I'll need UNC path support :)
BrianH
30-Sep-2009
[14811]
I use it a lot :)