[Gambas-user] A couple of ?s about encryption
mikeB
mikeB at ...3673...
Mon Aug 14 01:45:11 CEST 2017
Thanks to all that responded to my query - think I can get on the right
path now.
mikeB
On 08/13/2017 02:36 PM, Tony Morehen wrote:
> Don't use .hidden. There is nothing secure about it and it's only used by
> the development/installation environments. Hidden directories in
> general do nothing for security.
>
> Don't worry about open source/GNU. All encryption programs use the
> same well known algorithms. It's passwords that guarantee security,
> not the algorithm. BTW, like hidden files, there is no security from
> obscurity.
>
> As far as shelling to a third-party encryption program like gpg or
> openssl, those programs are good and produce secure outputs, depending
> of course on the algorithm selected. However, the act of shelling
> exposes you to several attacks like man-in-the-middle. Not recommended.
>
> So internal encryption is recommended and Gambas has the gb.crypt and
> gb.openssl components to lighten your workload. Also, gb.desktop has
> several password-related functions that can save and retrieve
> passwords from your system's wallet/keyring.
>
> gb.crypt includes several one way hash algorithms like md5 or
> sha-256. With these, you save the password hash and then compare
> hashes on future logins. With these, you never save the actual
> passwords and the hashes are virtually impossible to decrypt.
>
> For two way encryption, where you need to go from plain text to
> encrypted text back to plain text, look at gb.openssl. It has methods
> for symmetric encryption (one password to both encrypt and decrypt
> text) and for asymmetric encryption (two passwords, one to encrypt and
> one to decrypt). Public key private key encryption is an example of
> the latter. Text encrypted with the private key can only be decrypted
> by the public key and vice versa.
>
>
> On 2017-08-13 01:59 PM, mikeB wrote:
>> Greetings,
>> I am starting a project that involves encryption of passwords and
>> user names - storing and recalling them.
>>
>> 1st ? = I noticed Gambas can save and recall files from a ".hidden"
>> directory. If the files are encrypted before
>> saving to a hidden dir - how secure is this? In other words would an
>> experienced coder be able to find and
>> copy these files? Would this be the secure/ recommended way/ place to
>> store these files?
>>
>> 2nd ? = shelling out to the "gpg" command line to encrypt / decrypt
>> the password files be a secure way of
>> doing this or is there a better way (i.e. writing the encryption code
>> within the Gambas project)?
>>
>> 3rd ? = Now a GNU question from a real newbie on this subject. With
>> this type of program (Protected Passwords)
>> how in the heck could it be released under GNU? Or should it be?
>> Don't understand how it could possibly be
>> "protected" if the source code was available to all?
>>
>> Any suggestions, from the group, would be GREATLY APPRECIATED!
>> mikeB
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Gambas-user mailing list
>> Gambas-user at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/gambas-user
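The hash-and-compare login check described in the quoted reply, as an added example that is not part of the original thread and is written in Python rather than Gambas. Its choices are assumptions of this example: a per-user salt with PBKDF2-HMAC-SHA-256 in place of a single bare hash, a constructed user name and password, and a store file protected by owner-only permissions rather than by a hidden directory name.

```python
import hashlib
import hmac
import json
import os
import secrets
import tempfile

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str) -> dict:
    """Derive a salted hash; only this record is stored, never the password."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash from the login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def save_store(path: str, store: dict) -> None:
    """Create the store with mode 0600: access is limited by permissions, not by name."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(store, f)


def load_store(path: str) -> dict:
    with open(path) as f:
        return json.load(f)


def demo():
    """Enroll a constructed user, reload the store from disk, then try two logins."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "users.json")
        save_store(path, {"alice": make_record("correct horse")})
        store = load_store(path)
        with open(path) as f:
            leaked = "correct horse" in f.read()  # plaintext must not be on disk
        mode = os.stat(path).st_mode & 0o777
        return verify("correct horse", store["alice"]), verify("wrong", store["alice"]), leaked, mode


if __name__ == "__main__":
    print(demo())
```

The mode passed to `os.open` applies only when the file is created; an existing store keeps whatever permissions it already had.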