Gnus development mailing list
From: Ted Zlatanov <tzz@lifelogs.com>
Cc: "Ding Mailing List" <ding@gnus.org>
Subject: Re: netrc.el now supports encoded files
Date: Tue, 06 Jan 2004 18:13:04 -0500
Message-ID: <4nsmisy8lb.fsf@collins.bwh.harvard.edu>
In-Reply-To: <ilu1xqcesg3.fsf@latte.josefsson.org> (Simon Josefsson's message of "Tue, 06 Jan 2004 21:24:28 +0100")

On Tue, 06 Jan 2004, jas@extundo.com wrote:

> Or a crypt+++.el.  It is a generally useful feature, so perhaps it
> is worth the effort to separate it from Gnus.

I saw crypt++.el, and it goes too far in my opinion.  There's just too
much work to use it, and it interferes with file hooks.  I'd rather
provide a simple interface to symmetric decoding of a file into a
buffer and decoding back, using external utilities or extensible
ciphers.  I'll inquire on the emacs-devel list.

> The AES specification limits the key lengths and block lengths, if
> you need arbitrary data lengths or password-to-key derivation, you
> must invent your own -- or preferably, use something prepackaged,
> like CMS or OpenPGP.

OK, so we're back to external utilities...  Maybe I'll prepend a
number to the string, so I know the length of the data, and then pad
it to the multiple that rijndael.el likes.  I'd really like a
built-in cipher so we don't depend on any external utilities, even if
it's less secure.

> I'm not sure the current netrc.el approach should be advertised as
> secure, there is more to file encryption than using some block
> cipher in CBC mode, and deriving the key and iv from a password.  It
> is more like obfuscation.  OTOH, obfuscation is what people seem to
> want.  

Let's be realistic, most people want some security but a minimum of
hassle.  I think that netrc.el should actually complain if the netrc
file is plain text in future Gnus versions, *unless* the user says
it's OK.  Whatever scheme we use, it's better than nothing.

> If the reason people want obfuscation is that real security is too
> costly to set up, using GnuPG for .netrc is probably a good idea --
> it is as easy to use as the current netrc.el appears to be, and at
> least it aspires to be secure.

I don't think there's Gnus support for any sort of encryption of netrc
files using GnuPG right now.  How would one set that up?  It was the
lack of such support that made me sit down and modify netrc.el.

Ted
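
An added illustration, not part of the original message and not netrc.el code: a Python sketch of the "prepend a number, then pad to the block multiple" framing described above, with a parser that rejects malformed framing. The `decimal-length:` prefix format, zero-byte padding, 16-byte block size, and the sample netrc line are assumptions made for the example.

```python
BLOCK = 16  # assumed block multiple (the AES block size in bytes)

# Constructed sample input, not a real credential.
SAMPLE = b"machine mail.example.org login ted password s3cret\n"


def frame(data: bytes, block: int = BLOCK) -> bytes:
    """Prefix data with its decimal length and ':', then zero-pad to a block multiple."""
    body = str(len(data)).encode("ascii") + b":" + data
    return body + b"\x00" * (-len(body) % block)


def unframe(buf: bytes, block: int = BLOCK) -> bytes:
    """Recover the data from a framed buffer; raise ValueError on bad framing."""
    if not buf or len(buf) % block:
        raise ValueError("buffer is not a whole number of blocks")
    head, sep, rest = buf.partition(b":")
    # bytes.isdigit() is ASCII-only; also refuse leading zeros and absurdly
    # long prefixes, which a wrong key or corrupted input could produce.
    if (not sep or not head.isdigit() or len(head) > 20
            or (len(head) > 1 and head.startswith(b"0"))):
        raise ValueError("missing or malformed length prefix")
    n = int(head)
    pad = len(rest) - n
    # Padding must be shorter than one block and consist only of zero bytes.
    if pad < 0 or pad >= block or rest[n:] != b"\x00" * pad:
        raise ValueError("length prefix does not match buffer")
    return rest[:n]


def tamper_goes_unnoticed() -> bool:
    """Flip one bit inside the data region and report whether unframe() accepts it.

    The prefix catches truncation and most garbage, but it is framing,
    not an integrity check: modified content of the same length parses cleanly.
    """
    framed = bytearray(frame(SAMPLE))
    framed[5] ^= 0x01  # index 5 lies inside the data, after the "51:" prefix
    return unframe(bytes(framed)) != SAMPLE


if __name__ == "__main__":
    framed = frame(SAMPLE)
    print(len(SAMPLE), len(framed), unframe(framed) == SAMPLE)
    print("tampering accepted:", tamper_goes_unnoticed())
```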


