Security of Freeplane's password mechanism

Security of Freeplane's password mechanism

Postby petra1973 » Sat Mar 08, 2014 10:01 pm

Hi,

to be able to use my maps from any place and with different systems, I store some of my maps using the DROPBOX cloud service. Within the maps, I not only store information free to be used but sometimes "sensitive" data (e.g. access data and passwords). To be kind of certain that nobody reads these sensible portions, I always used Freeplane's built-in password mechanism.

Now, as the question of "security of personal data" gets more and more into the focus, I would like to know, HOW SECURE Freeplane's password mechanism is and under which circumstances the users and developers here would recommend putting information into the cloud which was secured using this password mechanism. Are there security measures? Which technical concepts are the basis for the implemented password mechanism?

Thanks.
petra1973
 
Posts: 14
Joined: Sun Mar 11, 2012 12:17 pm

Re: Security of Freeplane's password mechanism

Postby boercher » Sat Mar 08, 2014 11:52 pm

As far as I see Freeplane still uses the same encryption scheme as FreeMind.

The algorithm ("PBEWithMD5AndDES") that is used is for example discussed at Stackoverflow. It seems that the algorithm is not be strong enough for really sensitive data.

Volker
boercher
 
Posts: 644
Joined: Tue Jul 26, 2011 7:13 am

Re: Security of Freeplane's password mechanism

Postby jokro » Sun Mar 09, 2014 9:46 am

Is there a programmer who could implement a better mechanism ?
May be the class mentioned in http://stackoverflow.com/questions/992019/java-256-bit-aes-password-based-encryption could be used?
Regards
Jodi
jokro
 
Posts: 486
Joined: Sun Jul 24, 2011 2:56 pm


Return to Open Discussion

Who is online

Users browsing this forum: No registered users and 1 guest