Martin Baehr wrote:
> Just because it is possible to have a string both in a secured and non-secured version does not negate the advantage of not having secured strings in swap.
> As long as it is not possible to relate a non-secure string to a secure one, this should not be an issue. At least it is no worse than two unrelated people choosing the same password: knowing about one password does nothing to reveal the other one.
Well, if I needed to find a password, and I knew it existed as a shared string, then dumping all strings (either by enumerating them or by dumping the whole core of the program and then fishing out all the strings) and using every string found to launch an attack is likely to succeed in less time than a full brute-force attack. That is therefore weaker than not having the string visible at all.
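The disagreement above turns on one mechanism: wiping the secured string object does nothing for any copy that ordinary code has already made into shared (swappable, dumpable) string storage. The following C program is an added illustration, not code from this thread or from any project it discusses. It models process memory as a small arena, plants a constructed sample secret in a "secured" slot, optionally lets a copy land in a "shared string" slot, wipes the secured slot, and then scans the arena the way `strings` on a core dump would. The arena layout, slot offsets and sample secret are all constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/*
 * Toy model of process memory: one fixed arena standing in for both the
 * non-swappable "secured" region and ordinary heap where shared strings live.
 * Constructed for this example; a real process has no such neat layout.
 */
#define ARENA_SIZE  256
#define SECURE_SLOT 0     /* where the secured string object is stored   */
#define SHARED_SLOT 128   /* where an ordinary shared-string copy lands */

static unsigned char arena[ARENA_SIZE];

/* Zeroise through a volatile pointer so the compiler cannot elide the wipe. */
static void secure_clear(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/*
 * Scan the arena for a byte pattern, which is what `strings core | grep`
 * amounts to once an attacker has a memory dump.
 */
static int arena_occurrences(const char *needle)
{
    size_t nlen = strlen(needle);
    int count = 0;
    for (size_t i = 0; i + nlen <= ARENA_SIZE; i++)
        if (memcmp(arena + i, needle, nlen) == 0)
            count++;
    return count;
}

/*
 * Simulate a program that keeps `secret` in the secured slot, may let some
 * unrelated code (concatenation, interning, logging) copy it into a shared
 * string, then finishes with it and wipes the secured object.
 * Returns how many copies a later memory dump would still reveal,
 * or -1 if the sample secret does not fit the toy arena.
 */
static int copies_left_after_use(const char *secret, int copied_to_shared)
{
    size_t len = strlen(secret) + 1;
    if (len > ARENA_SIZE - SHARED_SLOT)
        return -1;

    memset(arena, 0, ARENA_SIZE);
    memcpy(arena + SECURE_SLOT, secret, len);       /* secured string object */
    if (copied_to_shared)
        memcpy(arena + SHARED_SLOT, secret, len);   /* ordinary shared copy  */

    secure_clear(arena + SECURE_SLOT, len);         /* secured object wiped  */
    return arena_occurrences(secret);
}

int main(void)
{
    /* Constructed sample secret; not a real credential. */
    const char *secret = "example-passw0rd";
    int no_copy   = copies_left_after_use(secret, 0);  /* expect 0 */
    int with_copy = copies_left_after_use(secret, 1);  /* expect 1 */
    return (no_copy == 0 && with_copy == 1) ? 0 : 1;
}
```

The defender's reading of the result: the secured-string mechanism only delivers its benefit if no code path ever copies the value into ordinary string storage, and `secure_clear` must be applied to every buffer that held it. The wipe itself must go through a `volatile` pointer (or `explicit_bzero`/`memset_s` where available), since a plain `memset` on memory that is never read again is routinely removed by the optimiser.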