Is this secure?
steve at REMOVE-THIS-cybersource.com.au
Thu Feb 25 18:15:50 CET 2010
On Thu, 25 Feb 2010 15:05:56 +0100, mk wrote:
> On 2010-02-25 02:07, Steven D'Aprano wrote:
>> On Wed, 24 Feb 2010 18:23:17 +0100, mk wrote:
>>> Anyway, the passwords for authorized users will be copied and pasted
>>> from email into in the application GUI which will remember it for
>>> them, so they will not have to remember and type them in.
>> So to break your application's security model, all somebody has to do
>> is use their PC and they have full access to their account?
>> Or get hold of the copy and paste buffer?
>> Or the application's config files?
> Yes. There's no way around this, short of forcing them to use hardware
> key, which is an overkill for this application.
Of course there is. Why don't you find out how applications with real
security work, instead of making up amateur insecure schemes or worrying
about insignificant deviations from uniformity in your password generator?
You can't get hold of a user's login password in Linux or Windows by
grabbing the copy-and-paste buffer, or by looking in the password file.
No hardware key required.
Today, you say that your application only needs weak security because the
value of the accounts are low. (If they're that low, why do you need a
password at all?) But tomorrow, your application will be bigger, better,
new and improved, with remote logins over the Internet and much more
value -- and it will still be using the same crappy weak security that it
has now, I guarantee it.
If you are storing the password, instead of a hash, you fail.
If you are storing a hash without a salt, you fail.
Yes, an awful lot of software do these things. They shouldn't, even for
supposed "low value passwords".
>> Or your users might be sensible enough to not trust a role-your-own
>> security model, and prefer to memorize the password than to trust that
>> nobody will get access to their PC.
> The app is not that critical, it's about quarterly subscription to the
> service, and the users will be able to reset the password anyway.
And when users realise that they don't need to buy a subscription, they
just need to steal a password from somebody else, what does that do to
your business model?
More information about the Python-list