On 2012-01-05 11:21 AM, Willie Gillespie <wgilles...@es2eng.com> wrote:
> If the phone knows the password and I have the phone, then I have the
> password. Similarly, if I compromise the workstation that knows the
> password, then I also have the password.

Interesting... I thought they were stored encrypted. I definitely use a (strong) Master Password in Thunderbird to protect the passwords, so it would take some doing on the workstations.

> Even if the user doesn't know the password, the phone/workstation does.
> And it has to be stored in a retrievable way.

Yes, if an attacker has unfettered physical access to the workstation/phone, it can be compromised...

> That's what he's trying to say when he was talking about a "$400 post-it
> note."

Got it...

As I said, there is no perfect system... but ours has worked well in the 11+ years we've been doing it this way.

--

Best regards,

Charles
