From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/84218
Path: news.gmane.org!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Emacs Cloud
Date: Tue, 11 Feb 2014 04:14:40 -0800
Message-ID: <87a9dxkfrj.fsf@building.gnus.org>
References: <877g9fxwih.fsf@building.gnus.org>
	<87d2j140t1.fsf@building.gnus.org> <87lhxnaw6g.fsf@lifelogs.com>
	<877g966y3u.fsf@building.gnus.org> <m3sirrqrxc.fsf-ueno@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1392121052 17141 80.91.229.3 (11 Feb 2014 12:17:32 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 11 Feb 2014 12:17:32 +0000 (UTC)
Cc: ding@gnus.org
To: Daiki Ueno <ueno@gnu.org>
Original-X-From: ding-owner+M32470@lists.math.uh.edu Tue Feb 11 13:17:40 2014
Return-path: <ding-owner+M32470@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <ding-owner+M32470@lists.math.uh.edu>)
	id 1WDCHR-0007Xe-9C
	for ding-account@gmane.org; Tue, 11 Feb 2014 13:17:37 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M32470@lists.math.uh.edu>)
	id 1WDCGE-0007cJ-1N; Tue, 11 Feb 2014 06:16:22 -0600
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <larsi@gnus.org>)
	id 1WDCGC-0007c3-4L
	for ding@lists.math.uh.edu; Tue, 11 Feb 2014 06:16:20 -0600
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtps (TLSv1:AES128-SHA:128)
	(Exim 4.76)
	(envelope-from <larsi@gnus.org>)
	id 1WDCG6-0000Ew-Ah
	for ding@lists.math.uh.edu; Tue, 11 Feb 2014 06:16:15 -0600
Original-Received: from hermes.netfonds.no ([80.91.224.195])
	by quimby.gnus.org with esmtp (Exim 4.80)
	(envelope-from <larsi@gnus.org>)
	id 1WDCG4-00038I-S2
	for ding@gnus.org; Tue, 11 Feb 2014 13:16:12 +0100
Original-Received: from [204.14.154.233] (helo=building.gnus.org)
	by hermes.netfonds.no with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72)
	(envelope-from <larsi@gnus.org>)
	id 1WDCFq-0007KZ-UM; Tue, 11 Feb 2014 13:15:59 +0100
In-Reply-To: <m3sirrqrxc.fsf-ueno@gnu.org> (Daiki Ueno's message of "Mon, 10
	Feb 2014 17:43:11 +0900")
User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.50 (gnu/linux)
X-MailScanner-ID: 1WDCFq-0007KZ-UM
MailScanner-NULL-Check: 1392725759.62953@igVFRBV5JudaGJKSGx1rJg
X-Spam-Status: No
X-Spam-Score: -1.9 (-)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:84218
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/84218>

Daiki Ueno <ueno@gnu.org> writes:

> I wasn't really following the discussion, but I now suspect the use of
> symmetric encryption here might be irrelevant in the first place.  Do
> you plan to use untrusted (even authenticated, e.g. Gmail) IMAP servers
> for file sharing, right?
>
> If so, those symmetrically encrypted data can be a target of dictionary
> attacks.  You will be giving unlimited time to attackers (or server
> admins) cracking your encrypted data.  That's why people normally don't
> want to upload their secret keys in ~/.ssh or ~/.gnupg (even if they are
> password-protected by default).

We're talking about storing the data at a host you trust enough that you
let them store your unencrypted mail, which probably reveals more about
you than any .newsrc data would ever do.

However, that doesn't mean that Gnus shouldn't try to make things safer
for you if you want.  Somebody that runs an IMAP server for you already
has some of your credentials on hand, as well as the data from a
thousand password resets emails.  Storing the .newsrc data with
symmetric encryption helps against 1) accidental data leakage (when
somebody is watching the output of tcpdump) or 2) idle curiosity (when
somebody has too much time on their hands and are grubbing through
data).  If it's a directed attack by the owners of the IMAP server,
you're probably screwed, anyway.

In addition to storing the newsrc data, I also want to store the
relevant bits from your .authinfo.  That's the really ticklish bits.
If you're connecting to a couple of news servers that require NNTP
passwords, those would also be stored in the encrypted chunks.  However,
those aren't the most secret secrets in the universe, anyway.  Most NNTP
servers don't even support TLS, so you're sending those credentials
using plain text.

So to sum up:

1) Carthage should be destroyed.

2) Symmetric encryption is good enough for this use case.

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/