849bdf42 |
1 | CRYPTOGRAPHY SUPPORT IN SQUIRRELSPELL |
2 | -------------------------------------- |
3 | |
4 | Starting with version v0.3 SquirrelSpell is capable of working with encrypted |
5 | user dictionaries. However, this option is only available when PHP |
6 | is compiled with support for MCRYPT. This is relatively easy -- to enable |
7 | MCRYPT support, follow instructions at: |
8 | |
7996c920 |
9 | http://www.php.net/mcrypt |
849bdf42 |
10 | |
11 | NOTE: You will need libmcrypt version 2.4.x or above for SquirrelSpell |
12 | to work. |
13 | |
14 | HOW IT'S DONE |
15 | -------------- |
16 | SquirrelSpell encrypts the dictionary with the user's mailbox password, |
17 | thus making the encryption/decryption process transparent to the user. |
18 | The algorythm used for encryption is Blowfish, but you may manually override |
19 | it in the code if you so wish. |
20 | |
21 | The only shortcoming this approach has -- when mailbox password is changed, |
22 | SquirrelSpell asks the user to enter the old password in order to re-encrypt |
23 | the file with the new key. If the user doesn't remember the password, then |
24 | the file is lost, unless you want to brute-force it open. |
25 | |
26 | The encryption is off by default and users are warned about remembering |
27 | their passwords before they enable encryption of their personal dictionary. |
28 | |
29 | I haven't tested the overhead. If anyone has any benchmarks -- you are |
30 | welcome to share them. |