[lug] fetchmail

D. Stimits stimits at idcomm.com
Tue Jul 3 14:20:30 MDT 2001


Calvin Dodge wrote:
> 
> On Tue, Jul 03, 2001 at 01:49:47PM -0600, D. Stimits wrote:
> > John Hernandez wrote:
> > >
> > encrypt the pass with something better than xor, but not necessarily
> > strong encryption (script kiddies don't usually know how to decrypt
> > without a script for the particular scenario).
> 
> True.  But _if_ you're using plain old (non-encrypted) POP3, then a script kiddie who roots your box can get it by sniffing the POP3 traffic.


In the case of fetchmail though, it can be run by non-root users. This
means every user account (without root level privs) has the pass written
to a standard file in the home directory. It requires a lot less than
root access at that point. wvdial is special because it only allows
root. If a general pass encryption algo was implemented that was easy
for developers to use (not a one-way hash), there would be some
improvement. In the case of non-root users that put their pass on the
drive in plain text, then use ssh to stop snooping, they are still at
far more risk than someone who has no pass on the drive (or at least has
one that the average person won't be able to comprehend without someone
helping). In the case of steganography (for those who don't know, the
hiding of information by embedding it in something else in a way that
does not seem obvious), an encryption algorithm does not need to be
complicated or strong (and could even be useful without encryption).

D. Stimits, stimits at idcomm.com

> 
> Calvin
> --
> Calvin Dodge
> Certified Linux Bigot (tm)
> http://www.caldodge.fpcc.net
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
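
The exposure discussed in the message above (a password kept in a per-user file in the home directory) can be audited. The following is an added example, not part of the original thread and not fetchmail's own code: it checks a fetchmail run control file (conventionally ~/.fetchmailrc) for permission bits beyond the owner and for stored passwords, without echoing them. The function name and the sample file contents are constructed for illustration.

```python
import os
import shlex
import stat
import tempfile

# fetchmail's rc syntax accepts the abbreviated and the long keyword spellings
PASSWORD_KEYWORDS = {"password", "pass"}
USER_KEYWORDS = {"user", "username"}

def audit_fetchmailrc(path):
    """Return a list of findings for one fetchmail run control file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group or other bit means accounts besides the owner can reach the file.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access beyond the owner")
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    try:
        # Entries may span lines; '#' starts a comment outside quotes.
        tokens = shlex.split(text, comments=True)
    except ValueError as exc:
        findings.append(f"could not tokenise file: {exc}")
        return findings
    user = None
    it = iter(tokens)
    for tok in it:
        word = tok.lower()
        if word in USER_KEYWORDS:
            user = next(it, None)
        elif word in PASSWORD_KEYWORDS and next(it, None) is not None:
            # Report that a password is present, never the value itself.
            findings.append(f"plaintext password stored for user {user or '?'}")
    return findings

# Constructed sample input, not taken from any real account.
SAMPLE_RC = 'poll pop.example.com protocol pop3\n    user "alice" password "constructed-secret"\n'

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".fetchmailrc", delete=False) as tmp:
        tmp.write(SAMPLE_RC)
    os.chmod(tmp.name, 0o644)  # deliberately too open for the demonstration
    for finding in audit_fetchmailrc(tmp.name):
        print(finding)
    os.unlink(tmp.name)
```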


