| 849bdf42 |
1 | CRYPTOGRAPHY SUPPORT IN SQUIRRELSPELL |
| 2 | -------------------------------------- |
| 3 | |
| 4 | Starting with version v0.3 SquirrelSpell is capable of working with encrypted |
| 5 | user dictionaries. However, this option is only available when PHP |
| 6 | is compiled with support for MCRYPT. This is relatively easy -- to enable |
| 7 | MCRYPT support, follow instructions at: |
| 8 | |
| 9 | http://www.php.net/manual/en/ref.mcrypt.php |
| 10 | |
| 11 | NOTE: You will need libmcrypt version 2.4.x or above for SquirrelSpell |
| 12 | to work. |
| 13 | |
| 14 | HOW IT'S DONE |
| 15 | -------------- |
| 16 | SquirrelSpell encrypts the dictionary with the user's mailbox password, |
| 17 | thus making the encryption/decryption process transparent to the user. |
| 18 | The algorythm used for encryption is Blowfish, but you may manually override |
| 19 | it in the code if you so wish. |
| 20 | |
| 21 | The only shortcoming this approach has -- when mailbox password is changed, |
| 22 | SquirrelSpell asks the user to enter the old password in order to re-encrypt |
| 23 | the file with the new key. If the user doesn't remember the password, then |
| 24 | the file is lost, unless you want to brute-force it open. |
| 25 | |
| 26 | The encryption is off by default and users are warned about remembering |
| 27 | their passwords before they enable encryption of their personal dictionary. |
| 28 | |
| 29 | I haven't tested the overhead. If anyone has any benchmarks -- you are |
| 30 | welcome to share them. |
projects / squirrelmail.git / blame