Export Host File- Plain Text Password
-
Version 1.5.5
I have notice that when I export the host to a CSV file, the password that is used to join them to the domain is in plain text and not encrypted (possible bug?). I know that in previous version of Fog, the password was encrypted in the CSV file and not in plain text.
-
This encrypted form of the password has since been removed.
There’s multiple reasons for this, and the quickest reasoning was the encrypted form of the password contained both the IV and Passcode used to decrypt it in the first place. It looked confusing, but ultimately it had no better security than being in plain text. That and it added complexity to the base code, by having to encrypt, and before sending to the fog client being decrypted and reencrypted.
As the data is passed only between the client and the server in an encrypted format of which the encryption password changes every 30 minutes, having it encrypt->decrypt->encrypt didn’t add any value either.
This is intentional.
-
@Tom-Elliott Thanks for the information.