On Wed, Sep 11, 2024 at 10:06:05AM -0500, R Losey wrote: > On Wed, Sep 11, 2024 at 9:56 AM Fred Bone <f...@mandfb.me.uk> wrote: > > > On 10 September 2024 at 14:09, R Losey said: > > > > > Well, but think about it... after the password is entered, THEN what? The > > > "correct" password would have to be stored somewhere so that GnuCash > > could > > > verify what is entered is correct, and clearly saving the password in > > > clear text is not secure. Because the software is open source, anyone > > > could read the steps taken to secure the password, and that would be a > > > huge help in breaking the password. > > > > Clearly you don't know anything about how password protected files are > > handled. > > > > The password is NOT stored anywhere. It doesn't need to be. So there is > > no code taking "steps to secure the password". > > > > The program doesn't need to "verify what is entered is correct", beyond > > attempting to use it to decrypt the data. That either works or it > > doesn't. > > > > It's certainly possible that Im am lacking knowledge... I was thinking of > the *nix passwords which are (used to be) stored in encrypted form in the > /etc/passwd file. > No, they're not. What's stored is the result of applying an algorithm to the password you supply. So, you enter a password, the password is 'scaarmbled' by the password checking software and, if the resulting scramble matches your entry in the password file (actually the shadow file nowadays) you can log in.
In reality it's even a bit more complicated than this, but anyway the password isn't stored in any way. -- Chris Green _______________________________________________ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
