[jitsi-users] Encryption of Saved Passwords


#1

Hello,

I am interested in learning more about how Jitsi protects saved
passwords on clients. I saw this ticket:
https://github.com/jitsi/jitsi/issues/211

However I was wondering if you could elaborate more on how this
works. What is the method of encryption used? Is there a way to
completely disable the ability to save passwords locally instead?

Thanks,

Andrew Martin


#2

They are encrypted
AES/ECB/PKCS5PADDING. The key comes from the master-password which is obtained with PBKDF2WithHmacSHA1, 1024 iterations. By default a static Master-password is used.

You can set the property
net.java.sip.communicator.util.swing.auth.ALLOW_SAVE_PASSWORD";
To false to disable the option of saving a password.

Freundliche Grüsse,
Ingo Bauersachs

-- sent from my mobile

···

On 02.02.2016, at 10:14, Andrew Martin <amartin@xes-inc.com> wrote:

Hello,

I am interested in learning more about how Jitsi protects saved
passwords on clients. I saw this ticket:
https://github.com/jitsi/jitsi/issues/211

However I was wondering if you could elaborate more on how this
works. What is the method of encryption used? Is there a way to
completely disable the ability to save passwords locally instead?

Thanks,

Andrew Martin

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Ingo,

Thanks for the clarification.

Andrew

···

----- Original Message -----

From: "Ingo Bauersachs" <ingo@jitsi.org>
To: "Jitsi Users" <users@jitsi.org>
Sent: Tuesday, February 2, 2016 1:01:18 AM
Subject: Re: [jitsi-users] Encryption of Saved Passwords

They are encrypted

AES/ECB/PKCS5PADDING. The key comes from the master-password which is
obtained with PBKDF2WithHmacSHA1, 1024 iterations. By default a static
Master-password is used.

You can set the property
net.java.sip.communicator.util.swing.auth.ALLOW_SAVE_PASSWORD " ;
To false to disable the option of saving a password.

Freundliche Grüsse,
Ingo Bauersachs