thearkadia
commented
6 years ago @singpolyma did you ever receive an email or anything about an update to this?
Open singpolyma opened 7 years ago
thearkadia
commented
6 years ago @singpolyma did you ever receive an email or anything about an update to this?
I'm a bit confused about the whole "login" thing -- I mean, it seems strange to even have this feature in pocket home, since the window does not block the screen and anyone could just open a terminal or whatever using the keyboard, kill and restart pocket home. Why not delegate this kind of work to a real screen locking program?
Apart from that, the password seems to be stored using just plain SHA1, which is not a very good way to store a password. And also to compute this SHA1 by linking against OpenSSL, which is very probably in violation of the GPL3 license on this project.
I love most of the improvements in this fork, but I'm curious if these various security issues aren't better fixed by relying on an existing screen-locker instead of by doing all the work to fix them here.