Gnus development mailing list
From: Ted Zlatanov <tzz@lifelogs.com>
To: ding@gnus.org
Subject: Re: [gnus git] Add ~/.authinfo to the default, since that's probably most useful for users.
Date: Sun, 19 Sep 2010 21:30:01 -0500
Message-ID: <87fwx56tau.fsf@lifelogs.com>
In-Reply-To: <m3y6azi884.fsf@quimbies.gnus.org>

On Sat, 18 Sep 2010 13:47:39 +0200 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> Ted Zlatanov <tzz@lifelogs.com> writes:
>> I was trying to discourage people from putting their password in an
>> unencrypted file.  So I'm sort of OK with making the unencrypted file
>> the second choice, but I'd like to at least warn the user.  WDYT?

LMI> If it could be done unobtrusively...  I don't really like software that
LMI> tells me that what I'm doing is stupid, even though it's right.  :-)

An unobtrusive warning?  That's pretty useless, better not to bother the
user.

On Sat, 18 Sep 2010 14:50:38 +0200 Sebastian Krause <sebastian@realpath.org> wrote: 

SK> Personally, I don't like to enter my long GnuPG password every time
SK> I start up Gnus.

It's entered once per Emacs session.  If that's too much use the Secrets
API (KWallet or Gnome Seahorse).

SK> It's safe enough anyway because I use full disk encryption with
SK> LUKS.

That's a completely different type of security, though it's useful too.
Your passwords are in the clear to anything running in your environment,
right?

SK> Or maybe those passwords are not too important because they're only
SK> for a simple Usenet server. So, warning users shouldn't be too noisy
SK> because there might be good reasons for using the unencrypted file.

It's a balancing act (and a familiar problem since I've been a sysadmin
for a long time).  I'll just be quiet about this as long as it's the
second default choice.

On Sat, 18 Sep 2010 17:40:23 +0200 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> And if there was a nice, painless road towards storing the passwords in
LMI> ~/.authinfo.gpg, that would be nice.  That is, if the user is queried
LMI> for user name/password, then auth-source.el should store it encrypted,
LMI> and not in the plain ~/.authinfo file.

auth-source.el has nothing to do with it.  All the work is done by
EPA/EPG and I'm intentionally keeping auth-source.el agnostic of
encryption issues beyond mentioning the .gpg extension.

On Sat, 18 Sep 2010 23:29:01 +0200 Sebastian Krause <sebastian@realpath.org> wrote: 

SK> However, I just saw that even in case of an encrypted
SK> ~/.authinfo.gpg it's pretty easy to find out my IMAP password if
SK> Gnus is still running: It's simply shown in the *imap log*
SK> buffer. It's probably because imap.gmail.com uses cleartext login
SK> through SSL. Is there any way to not print out the password, but
SK> some kind of placeholder instead?

If the attacker has any access to Emacs, he can sniff the encryption
passphrase from the auth-source.el cache.  Sorry, but ELisp (in Emacs or
XEmacs) is just not a secure environment; auth-source.el tries to at
least make it less necessary to store your passwords in an unencrypted
location.  Its main purpose is to provide a single place for all ELisp
code to get authentication tokens.

Ted
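The thread settles on listing ~/.authinfo.gpg before the plaintext ~/.authinfo and leaving it to the user to notice when the unencrypted file is in use. The following is an added example, not code from auth-source.el or from anyone in the thread: it walks the file entries of the real `auth-sources` variable and reports any credential file that is unencrypted or readable by group/other. The function name `my/auth-source-audit` is chosen here; the entry formats it understands (plain strings and `(:source "file" ...)` plists) are assumed from the 2010-era auth-source.el.

```elisp
;; Added example (not part of auth-source.el): audit the files listed in
;; `auth-sources' and return warnings for plaintext or loosely permitted
;; credential files.  Secrets API entries (non-string :source) are skipped.
(require 'auth-source)

(defun my/auth-source-audit (&optional sources)
  "Return a list of warning strings about the file entries in SOURCES.
SOURCES defaults to `auth-sources'.  A file is flagged when it is
plaintext (no .gpg extension) or when its mode bits grant group or
other access."
  (let (warnings)
    (dolist (src (or sources auth-sources))
      ;; Accept both bare strings and (:source "file" ...) plists.
      (let ((file (cond ((stringp src) src)
                        ((consp src) (plist-get src :source)))))
        (when (and (stringp file)
                   (file-exists-p (expand-file-name file)))
          (let* ((path (expand-file-name file))
                 (modes (file-modes path))
                 (encrypted (string-match-p "\\.gpg\\'" path)))
            (unless encrypted
              (push (format "%s stores credentials unencrypted" path)
                    warnings))
            ;; Anything in the group/other bits (0o077) is too permissive
            ;; for a credential file.
            (when (and modes (/= 0 (logand modes #o077)))
              (push (format "%s is readable by others (mode %o)" path modes)
                    warnings))))))
    (nreverse warnings)))

;; The order from the thread: encrypted file first, plaintext as fallback.
(setq auth-sources '("~/.authinfo.gpg" "~/.authinfo"))

;; Surface the findings once, through Emacs' own warning mechanism.
(dolist (w (my/auth-source-audit))
  (display-warning 'auth-source w :warning))
```

Running this from your init file gives the "unobtrusive warning" discussed above without touching auth-source.el itself; it says nothing about buffers such as *imap log* that may still echo the password after login.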



