[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered
dave at brockmans.com
Wed Aug 28 21:40:45 UTC 2013
On 8/28/2013 2:47 PM, Benjamin Stewart wrote:
> I agree. In fact, that's my strategy.
> The problem I've run into in the past, however, is essentially the
> same as Dropbox's biggest problem above. That is, being able to do
> something automatically for the user without making them enter a
> password every single time. As soon as you cache a password (or
> token), you have a secret. You can't encrypt it securely, either,
> because the code must necessarily have the key at that point, and
> your attacker can see the code and the key.
> I suppose the proper answer is simply never to do that, but people
> (users, not me!) want programs to remember them.
At some point you have to make a decision. Convenience or Security.
You can't have both; I offer the past three decades of computing
history as my proof.