15.12. Why are some passwords stored in plaintext in config.xml?

PPPoE/PPTP client, PPTP VPN, L2TP VPN, and DynDNS passwords as well as RADIUS and IPsec shared secrets appear in plaintext in config.xml. This is a deliberate design decision. The implementations of PPP, IKE, RADIUS and the way DynDNS works require plaintext passwords to be available. We could of course use some snake oil encryption on those passwords, but that would only create a false sense of security. Since we cannot prompt the user for a password each time a PPP session is established or the DynDNS name needs to be updated, any encryption we apply to the passwords can be reversed by anyone with access to the SmallWall sources - i.e. everybody. Hashes like MD5 cannot be used where the plaintext password is needed at a later stage, unlike for the system password, which is only stored as a hash. By leaving the passwords in plaintext, it is made very clear that config.xml deserves to be stored in a secure location (or encrypted with one of the countless programs out there).