p2pnet - rss feed: P2M Encrypted Password
p2pnet.net News:- Peer2Mail, the first appplication to let you store and share files using your web-mail account, now has Encrypted Password, allowing you to share your web-mail account password securely, developer Ran Geva tells p2pnet.
“Just encrypt your password using P2M and share it with your friends,” he says. “P2M will decrypt the password straight to the password input box, so your password stays secret.”
He points out that some web-mail providers such as walla.com aren’t secure and, “show your password while you are logged in - this method is futile when using these services”.
P2M has SMTP server support meaninbg if you’re having problems sending a file with Direct Send or via MAPI, you can now utilize your ISP SMTP server.
“When using the SMTP server, you can send the segments to multiple accounts at once,” says Geva.
By way of other enhancements:
- P2M shows a progress percentage for each segment it sends.
- There’s a File Splitter, allowing you to split a file without sending it so you can then upload manually to your web-mail account; and,
- It has Forum and Chat
Geva tell us he’s already started working on version 1.2 which’ll include the major feature of auto downloading from web-mail account.
“P2M will list the files that it can download and the user can instruct it to download all the segment of a specific file - this will make P2M much more efficient,” he says, and:.
“I opened a forum and soon people will share accounts and files on the forum.”
==================
See:-
Site - Peer2Mail
October 2nd, 2004 at 11:38 pm
If P2M decrypts the password, what exactly is there to prevent
anyone from capturing said password after decryption?
Also, why can’t anyone just use decryption function of P2M
to get the passwords?
Or is P2M some server somewhere to acts as a trusted party
that holds all the passwords to unlock accounts?
The security model doesn’t make sense.
Need more info.
October 3rd, 2004 at 12:25 am
First I have to say that the password encryption is not bullet proof and if you REALLY wanted you can find it out using sophisticated methods. P2M decrypt the password only to the password input box of predefined websites (gmail, walla, yahoo, hotmail etc) so you cannot see the password after its decrypted. The password is decrypted locally and there is no server that holds passwords.
The reason I created this option is to lower the risks of someone locking your out of your account by changing the password. You know that once a user is logged in to the account he can delete the whole content, so there must be some kind of trust between the users. The encryption is just a way to prevent account locking – feeling more safe sharing your account. You can change the password at any time and lock it to anyone else – but only you the account holder.
October 3rd, 2004 at 9:35 am
I understand it is already better than using the password itself,
but I am concerned that you could obtain the password easily
by redirecting the output to yourself,
thus having users complain that the security is not effective.
For instance you could redirect the ip of the website to localhost
by adding a line in your host file
and set up a webserver on localhost.
This is a trivial example but you could route all request to a local server
since you can fool your own computer…
Not to that mention that reading the password from memory
with a debugger after decryption would not be that hard…
Is this option better if the user mistakenly thinks it is secure
when it probably is more obfuscation?
What is really neaded is a “read-only” password for e-mail accounts…
Or possibly the “secure authentification” that sends
a hash of the password instead of the password itself.
Since the hash is one-way it cannot be used to recover the password.
But the mail server needs to support that option,
so it knows to compare the hash and not the password.
I’m not sure how common that method is…
Keep up the good work!
October 3rd, 2004 at 10:15 am
All the things you said are true and I do warn the users that this method isnt bullet proof. The suggestions you mentioned are out of my hands as you said yourself - the servers need to support that. As I said before a sophisticated user can read the decrypted password.
A big part of P2M community is trust.
But, a user dont even have to share his account. users can trade. For example, I can ask you to send me a file and in return I will send one to your account.
If you do want to share your account, do it with friends who wont go through all the hassle to recover your password.
March 6th, 2005 at 11:46 pm
http://p2manyak.cjb.net/
May 4th, 2005 at 3:49 pm
March 20th, 2007 at 1:57 pm
There is a underground P2M Community that exists at
http://p2m.serveHTTP.com (requires registration)
they already released alot of stuff.
March 20th, 2007 at 1:59 pm
There is a underground P2M Community that exists at
http://p2m.serveHTTP.com (requires registration)
they already released alot of stuff.