From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/58199 Path: main.gmane.org!not-for-mail From: "Ted Zlatanov" Newsgroups: gmane.emacs.gnus.general Subject: Re: authinfo encryption through netrc.el works now Date: 5 Aug 2004 18:09:05 -0400 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Sender: ding-owner@lists.math.uh.edu Message-ID: <4nllgtck5a.fsf@lifelogs.com> References: <4nwu0u8zht.fsf@lifelogs.com> <4noem1tmmp.fsf@lifelogs.com> <4nk6wlzbc2.fsf@koz.bwh.harvard.edu> <4n4qnl8mnw.fsf@lifelogs.com> <4noelsxi20.fsf@lifelogs.com> <4nacxaaloy.fsf_-_@lifelogs.com> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1091745053 14813 80.91.224.253 (5 Aug 2004 22:30:53 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 5 Aug 2004 22:30:53 +0000 (UTC) Cc: ding@gnus.org Original-X-From: ding-owner+M6740@lists.math.uh.edu Fri Aug 06 00:30:34 2004 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1Bsqks-00038T-00 for ; Fri, 06 Aug 2004 00:30:34 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1BsqkU-0000Wh-00; Thu, 05 Aug 2004 17:30:10 -0500 Original-Received: from util2.math.uh.edu ([129.7.128.23]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1BsqkQ-0000Wc-00 for ding@lists.math.uh.edu; Thu, 05 Aug 2004 17:30:06 -0500 Original-Received: from justine.libertine.org ([66.139.78.221] ident=postfix) by util2.math.uh.edu with esmtp (Exim 4.30) id 1BsqkP-0001Z3-VM for ding@lists.math.uh.edu; Thu, 05 Aug 2004 17:30:05 -0500 Original-Received: from mail.bwh.harvard.edu (sysblade0.bwh.harvard.edu [134.174.9.44]) by justine.libertine.org (Postfix) with ESMTP id 9EC2E3A003C for ; Thu, 5 Aug 2004 17:30:05 -0500 (CDT) Original-Received: (qmail 9407 invoked from network); 5 Aug 2004 22:22:21 -0000 Envelope-Sender: tzz@lifelogs.com Envelope-Recipients: jas@extundo.com, ding@gnus.org, Original-Received: from asimov.bwh.harvard.edu (HELO asimov) ([134.174.9.63]) (envelope-sender ) by mail.bwh.harvard.edu (qmail-ldap-1.03) with SMTP for ; 5 Aug 2004 22:22:20 -0000 Mail-Followup-To: "Simon Josefsson" , ding@gnus.org Original-To: "Simon Josefsson" X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" In-Reply-To: (Simon Josefsson's message of "Wed, 04 Aug 2004 19:55:56 +0200") User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux) Precedence: bulk Xref: main.gmane.org gmane.emacs.gnus.general:58199 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:58199 On Wed, 04 Aug 2004, jas@extundo.com wrote: > The point of separating reading the password and caching it, was that > code using password.el would typically look like: > > 1. Read password. > 2. Try to authenticate against server, invoke GPG using the password, etc. > 3. If authentication failed, goto 1. > 4. Cache the password. > > If the password is cached directly, and if the user type the wrong > password, that logic wouldn't work, and it would infloop steps 1, 2, > and 3. > > I realize that perhaps a better logic would be: > > 1. Read and cache password. > 2. Try to authenticate against server, invoke GPG using the password, etc. > 3. If authentication failed, clear password, and goto 1. > > And if the gnus-encrypt/netrc stuff use this logic, then fine, and > ignore this message. It doesn't, thanks for catching this potentially annoying bug. I'll work on fixing it - unfortunately there's no easy way right now in gnus-encrypt to catch all the failure modes when decrypting so that's where I will concentrate. Another thing I'll do is to use the cipher + the file name as password key. Right now all the GPG+AES encrypted files will be forced to use the same password. Thanks! Ted