Encryption: the whole file or only text in file? #38
Comments
|
Hi there, I'm new to open source and thought this was a nice simple project to jump into. I think encrypting the whole file is fine - after all an instance of this program is focused around one user. the amount of data that is being encrypted wouldn't be concerning; I can't see efficiency or overhead or anything else being much of an issue. Java has a nice cryptography library. we could use an AES encryption using a salt-and-hash of the application-login data as a key. That would be secure. |
|
I think encrypt the whole file and the text in the files. The user will have to have a password to log into the file. Log in with a username and password for a specific user, e.g. admin, SSmith, BAdams. Only show the passwords to authenticated users. Do not show unnecessary passwords to users who do not have current permissions, admin grants permissions to users etc. I have used AES password manager. It will be good to have other alternative password manager programs to use, for security reasons of course. You can use different encryption methods, MD5, sha1, encryption, etc. |
|
A few suggestions:
|
(this is a discussion, I cannot apply labels to issues)
Passwords and unser names have to be stored as secure as possible. What are the pros and cons to encrypt the whole file and decrypt it at login time. What ideas do you have?
The text was updated successfully, but these errors were encountered: