- Timestamp:
- 2006-08-14T13:25:05Z (18 years ago)
- Branches:
- master
- Children:
- d1f8759
- Parents:
- d5ccd83
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
doc/README
rd5ccd83 r08cdb93 155 155 ==================== 156 156 157 BitlBee stores the accounts and settings (not your contact list though) in 158 some sort of encrypted/obfuscated format. 159 160 *** THIS IS NOT A SAFE FORMAT! *** 161 162 You should still make sure the rights to the configuration directory and 163 files are set so that only root and the BitlBee user can read/write them. 164 165 This format is not to prevent malicicous users from running with your 166 passwords, but to prevent accidental glimpses of the administrators to cause 167 any harm. You have no choice but to trust root though. 157 There used to be a note here about the simple obfuscation method used to 158 make the passwords in the configuration files unreadable. However, BitlBee 159 now uses a better format (and real encryption (salted MD5 and RC4)) to store 160 the passwords. This means that people who somehow get their hands on your 161 configuration files can't easily extract your passwords from them anymore. 162 163 However, once you log into the BitlBee server and send your password, an 164 intruder with tcpdump can still read your passwords. This can't really be 165 avoided, of course. The new format is a lot more reliable (because it can't 166 be cracked with just very basic crypto analysis anymore), but you still have 167 to be careful. The main extra protection offered by the new format is that 168 the files can only be cracked with some help from the user (by sending the 169 password at login time). 170 171 So if you run a public server, it's most important that you don't give root 172 access to people who like to play with tcpdump. Also, it's a good idea to 173 delete all *.nicks/*.accounts files as soon as BitlBee converted them to the 174 new format (which happens as soon as the user logs in, it can't be done 175 automatically because it needs the password for that account). You won't 176 need them anymore (unless you want to switch back to an older BitlBee 177 version) and they only make it easier for others to crack your passwords. 168 178 169 179 … … 192 202 BitlBee - An IRC to other chat networks gateway 193 203 <http://www.bitlbee.org/> 194 Copyright (C) 2002-200 5Wilmer van der Gaast <wilmer@gaast.net>204 Copyright (C) 2002-2006 Wilmer van der Gaast <wilmer@gaast.net> 195 205 and others
Note: See TracChangeset
for help on using the changeset viewer.