Skip to content
This repository has been archived by the owner on Mar 7, 2021. It is now read-only.

Is keytar safe enough? #32

Closed
baruchiro opened this issue Jan 3, 2020 · 1 comment
Closed

Is keytar safe enough? #32

baruchiro opened this issue Jan 3, 2020 · 1 comment
Labels
brainstorming Brainstorm regarding project design help wanted Extra attention is needed security

Comments

@baruchiro
Copy link
Owner

baruchiro commented Jan 3, 2020
edited
Loading

It seems that every node process can retrieve passwords stored by keytar by our process.

This is a limitation that is described in the keytar bug, and it seems to be a security weakness that software generally does not want to take responsibility for (Chrome, for example).

I think we should keep all passwords secure with a user password.
For example, use the user password as an encryption key.
@baruchiro baruchiro added brainstorming Brainstorm regarding project design help wanted Extra attention is needed security labels Jan 3, 2020
@baruchiro baruchiro mentioned this issue Jan 3, 2020
Merged
@baruchiro baruchiro mentioned this issue Dec 21, 2020
Open
@baruchiro
Copy link
Owner Author

moved to brafdlog/caspion#152

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
brainstorming Brainstorm regarding project design help wanted Extra attention is needed security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@baruchiro