[mailed and posted]
On Feb 17, 2005, at 2:19 PM, Homero Thomsom wrote:
> Hello, I want to communicate that when I downloaded the
> file config.xml I noticed that the password of the
> Dynamic DNS is without encryption.

13.16. Why are some passwords stored in plaintext in config.xml?

PPPoE/PPTP client, PPTP VPN, and DynDNS passwords as well as RADIUS and
IPsec shared secrets appear in plaintext in config.xml. This is a
deliberate design decision. The implementations of PPP, IKE, RADIUS and
the way DynDNS works require plaintext passwords to be available. We
could of course use some snake oil encryption on those passwords, but
that would only create a false sense of security. Since we cannot
prompt the user for a password each time a PPP session is established
or the DynDNS name needs to be updated, any encryption we apply to the
passwords can be reversed by anyone with access to the m0n0wall sources
- i.e. everybody. Hashes like MD5 cannot be used where the plaintext
password is needed at a later stage, unlike for the system password,
which is only stored as a hash. By leaving the passwords in plaintext,
it is made very clear that config.xml deserves to be stored in a secure
location (or encrypted with one of the countless programs out there).
Jeffrey Goldberg http://www.goldmark.org/jeff/
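
The FAQ's reasoning above, as an added example (not part of the original message and not m0n0wall code). It assumes CHAP with MD5 (RFC 1994) as a representative PPP authentication method and uses a constructed XOR routine as a stand-in for "snake oil encryption"; all names, keys and passwords are constructed sample values.

```python
import hashlib
import hmac

# Constructed stand-in for an obfuscation key compiled into a public code base.
EMBEDDED_KEY = b"key-visible-in-public-sources"


def obfuscate(data: bytes) -> bytes:
    """XOR with the embedded key; applying it a second time returns the input."""
    return bytes(b ^ EMBEDDED_KEY[i % len(EMBEDDED_KEY)] for i, b in enumerate(data))


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def hash_login_password(password: bytes, salt: bytes) -> bytes:
    """Verifier for a password a user types in; the plaintext is never needed again."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def check_login(attempt: bytes, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(hash_login_password(attempt, salt), stored)


def demo() -> dict:
    secret = b"constructed-pppoe-secret"        # sample secret, as kept in a config
    ident, challenge = 7, bytes(range(16))      # constructed challenge from the peer
    expected = chap_response(ident, secret, challenge)   # what the peer computes
    # A client that kept only a hash of the secret cannot produce that value.
    from_hash = chap_response(ident, hashlib.md5(secret).digest(), challenge)
    # An obfuscated secret is recovered by anyone holding the public key/routine.
    blob = obfuscate(secret)
    salt = b"constructed-salt"
    stored = hash_login_password(b"constructed-admin-pass", salt)
    return {
        "hash_only_client_authenticates": hmac.compare_digest(from_hash, expected),
        "blob_differs_from_secret": blob != secret,
        "obfuscation_reversed": obfuscate(blob) == secret,
        "login_ok": check_login(b"constructed-admin-pass", salt, stored),
        "login_bad": check_login(b"wrong", salt, stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
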