mIRC Homepage

Encrypted server passwords

Posted By: EneergE

Encrypted server passwords - 08/04/09 07:31 PM

With the ability to connect to servers using SSL, I think it is now a good idea to also include the ability to encrypt server passwords in the servers.ini file.

Currently, all the passwords are stored in plaintext in the servers.ini file. I think there should be some sort of secure encryption method ran on the password before it's stored.
Posted By: Sat

Re: Encrypted server passwords - 08/04/09 08:54 PM

Exactly which attack scenario would this address? Remember that mIRC would need the matching decryption key to be able to actually use the passwords in servers.ini later, meaning that that decryption key would have to be stored locally as well. Not unlike locking your front door and then putting the key under the door mat.
Posted By: EneergE

Re: Encrypted server passwords - 23/04/09 08:32 PM

Well, typically, it would address the issue that anybody could open an ini file and see a password there in plaintext. However, I guess it is actually a better idea to just not save the passwords, because running an md5 on it or something similar really isn't going to help much for someone who wants the information. smile

I'll make some sort of dialog asking for the password, I guess.
Posted By: starbucks_mafia

Re: Encrypted server passwords - 23/04/09 09:49 PM

If you're using a non-Starter/Home version of XP or Vista you can simply encrypt your home directory (or just mIRC's settings directory) using Windows' built-in NTFS encryption layer which works transparently from mIRC's point-of-view.
© 2022 mIRC Discussion Forums