[Security] Feature Request - Password protecting the private files on disk

[GoogleCodeExporter]

The quick start design on first run is great, but I'd really like at least an 
option to encrypt the hostname and privatekey files with a password on disk 
with a prompt for the password when the app starts. Basically, never have 
sensitive bits are unencrypted on disk, just in memory as needed.

Ideally, a yes/no dialog 'would you like to password protect your account' as 
part of the quick start too, but at least an option to turn it on later

Original issue reported on code.google.com by bobby.qu...@gmail.com on 13 Jan 2011 at 4:46

[GoogleCodeExporter]

the problem is: Tor needs the public_key file on disk. I don't have a solution 
for this yet. This is why I recommend to use it together with TrueCrypt.

I would have to implement some sort of truecrypt light completely from scratch 
that creates and mounts a ram disk and it would have to do this without admin 
rights and be cross platform if I wanted to implement this functionality in 
TorChat. This is the reason I did not even try to do this and instead recommend 
an existing tool.

TorChat has the primary intention to provide really private instant messaging 
for the masses, private communication for 2 users and not 3 like all the other 
existing IM solutions (2 users + provider == 3 users communicating).

I'm still thinking about how I can improve this a bit but I would not want to 
implement a half baked solution (decrypt to disk and delete afterwards). This 
means this problem has low priority at the moment until I have an idea that is 
really simple and good at the same time.

Original comment by prof7...@gmail.com on 14 Jan 2011 at 3:15

• Added labels: Type-Enhancement, Priority-Low, Component-Persistence

[GoogleCodeExporter]

Original comment by prof7...@gmail.com on 14 Jan 2011 at 3:15

• Added labels: Security