From: Lars Ingebrigtsen <larsi@gnus.org>
To: Daiki Ueno <ueno@gnu.org>
Cc: ding@gnus.org
Subject: Re: Emacs Cloud
Date: Tue, 11 Feb 2014 04:14:40 -0800 [thread overview]
Message-ID: <87a9dxkfrj.fsf@building.gnus.org> (raw)
In-Reply-To: <m3sirrqrxc.fsf-ueno@gnu.org> (Daiki Ueno's message of "Mon, 10 Feb 2014 17:43:11 +0900")
Daiki Ueno <ueno@gnu.org> writes:
> I wasn't really following the discussion, but I now suspect the use of
> symmetric encryption here might be irrelevant in the first place. Do
> you plan to use untrusted (even authenticated, e.g. Gmail) IMAP servers
> for file sharing, right?
>
> If so, those symmetrically encrypted data can be a target of dictionary
> attacks. You will be giving unlimited time to attackers (or server
> admins) cracking your encrypted data. That's why people normally don't
> want to upload their secret keys in ~/.ssh or ~/.gnupg (even if they are
> password-protected by default).
We're talking about storing the data at a host you trust enough that you
let them store your unencrypted mail, which probably reveals more about
you than any .newsrc data would ever do.
However, that doesn't mean that Gnus shouldn't try to make things safer
for you if you want. Somebody that runs an IMAP server for you already
has some of your credentials on hand, as well as the data from a
thousand password resets emails. Storing the .newsrc data with
symmetric encryption helps against 1) accidental data leakage (when
somebody is watching the output of tcpdump) or 2) idle curiosity (when
somebody has too much time on their hands and are grubbing through
data). If it's a directed attack by the owners of the IMAP server,
you're probably screwed, anyway.
In addition to storing the newsrc data, I also want to store the
relevant bits from your .authinfo. That's the really ticklish bits.
If you're connecting to a couple of news servers that require NNTP
passwords, those would also be stored in the encrypted chunks. However,
those aren't the most secret secrets in the universe, anyway. Most NNTP
servers don't even support TLS, so you're sending those credentials
using plain text.
So to sum up:
1) Carthage should be destroyed.
2) Symmetric encryption is good enough for this use case.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog http://lars.ingebrigtsen.no/
next prev parent reply other threads:[~2014-02-11 12:14 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-01 4:55 Lars Ingebrigtsen
2014-02-01 10:11 ` Ted Zlatanov
2014-02-01 12:10 ` Rasmus
2014-02-01 16:49 ` Steinar Bang
2014-02-01 20:23 ` Rasmus
2014-02-01 21:37 ` Ted Zlatanov
2014-02-01 21:50 ` Andreas Schwab
2014-02-02 5:03 ` Ted Zlatanov
2014-02-02 8:23 ` Andreas Schwab
2014-02-04 12:55 ` Ted Zlatanov
2014-02-02 22:17 ` Steinar Bang
2014-02-01 20:48 ` Lars Ingebrigtsen
2014-02-01 21:43 ` Ted Zlatanov
2014-02-01 21:44 ` Lars Ingebrigtsen
2014-02-01 22:32 ` Lars Ingebrigtsen
2014-02-02 5:04 ` Ted Zlatanov
2014-02-02 5:14 ` Lars Ingebrigtsen
2014-02-02 5:21 ` Lars Ingebrigtsen
2014-02-02 17:17 ` Ted Zlatanov
2014-02-02 22:53 ` Lars Ingebrigtsen
2014-02-02 23:20 ` Julien Danjou
2014-02-02 23:22 ` Lars Ingebrigtsen
2014-02-02 23:39 ` Julien Danjou
2014-02-02 23:46 ` Lars Ingebrigtsen
2014-02-03 8:08 ` David Engster
2014-02-03 13:14 ` Tassilo Horn
2014-02-03 14:58 ` David Engster
2014-02-04 12:53 ` Ted Zlatanov
2014-02-04 13:25 ` David Engster
2014-02-06 0:49 ` Emacs Cloud (coverage and killed groups) Lars Ingebrigtsen
2014-02-07 2:49 ` Lars Ingebrigtsen
2014-02-07 8:56 ` Julien Danjou
2014-02-07 10:40 ` Peter Münster
2014-02-08 2:35 ` Lars Ingebrigtsen
2014-02-07 13:24 ` Ted Zlatanov
2014-02-03 14:53 ` Emacs Cloud Ted Zlatanov
2014-02-03 15:04 ` David Engster
2014-02-03 14:45 ` Ted Zlatanov
2014-02-02 17:20 ` Ted Zlatanov
2014-02-02 22:50 ` Lars Ingebrigtsen
2014-02-02 5:08 ` Ted Zlatanov
2014-02-05 7:46 ` Steinar Bang
2014-02-05 23:05 ` Lars Ingebrigtsen
2014-02-05 23:06 ` Lars Ingebrigtsen
2014-02-07 13:28 ` Ted Zlatanov
2014-02-08 4:13 ` Lars Ingebrigtsen
2014-02-10 8:43 ` Daiki Ueno
2014-02-10 13:32 ` Ted Zlatanov
2014-02-11 12:14 ` Lars Ingebrigtsen [this message]
2014-02-11 13:25 ` Daiki Ueno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a9dxkfrj.fsf@building.gnus.org \
--to=larsi@gnus.org \
--cc=ding@gnus.org \
--cc=ueno@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).