When checking the Save Password box, it stores an encrypted pass in the spark.properties file. Could someone tell me what type of encryption is used here? Also, I’ve noticed there is a client control plugin available on Openfire, but disabling the save password option is not available. Is this possible now or in the foreseeable future?
It is stored in the file base64 encoded Single DES encryption with a key that is hard-coded in the source (ie- anyone can find it without too much trouble). Do NOT assume that because DES is used that is truely encrypted- its simply stored in a way that it cannot be casually viewed.