From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/72117 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.gnus.general Subject: Re: Password protection Date: Tue, 28 Sep 2010 09:47:33 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87sk0t3oxm.fsf@lifelogs.com> References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1285685304 20025 80.91.229.12 (28 Sep 2010 14:48:24 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 28 Sep 2010 14:48:24 +0000 (UTC) To: Original-X-From: ding-owner+M20490@lists.math.uh.edu Tue Sep 28 16:48:23 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1P0bTc-0005CT-Kz for ding-account@gmane.org; Tue, 28 Sep 2010 16:48:16 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1P0bTZ-0003Oh-QO; Tue, 28 Sep 2010 09:48:13 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1P0bTX-0003OO-Ro for ding@lists.math.uh.edu; Tue, 28 Sep 2010 09:48:11 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1P0bTT-0003cY-FF for ding@lists.math.uh.edu; Tue, 28 Sep 2010 09:48:11 -0500 Original-Received: from chirelay1o.jumptrading.com ([38.98.147.153] helo=chirelay1.jumptrading.com) by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian)) id 1P0bTS-0007uq-00 for ; Tue, 28 Sep 2010 16:48:06 +0200 Original-Received: from chirelay1.jumptrading.com (unknown [127.0.0.1]) by chirelay1.jumptrading.com (Symantec Mail Security) with ESMTP id 7D61D320034 for ; Tue, 28 Sep 2010 09:47:35 -0500 (CDT) X-AuditID: 26629395-a0d23bb000002b60-53-4ca200070be0 Original-Received: from chiexchange02.w2k.jumptrading.com (unknown [38.98.147.140]) by chirelay1.jumptrading.com (Symantec Mail Security) with ESMTP id 46DC12DC008 for ; Tue, 28 Sep 2010 09:47:35 -0500 (CDT) Original-Received: from internalsmtp.w2k.jumptrading.com (10.2.4.29) by chiexchange02.w2k.jumptrading.com (10.2.4.71) with Microsoft SMTP Server id 8.1.291.1; Tue, 28 Sep 2010 09:47:34 -0500 Original-Received: from tzlatanov-ubuntu-desktop.jumptrading.com ([10.2.14.81]) by internalsmtp.w2k.jumptrading.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Sep 2010 09:47:34 -0500 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 28 Sep 2010 16:17:57 +0200") User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux) X-OriginalArrivalTime: 28 Sep 2010 14:47:34.0804 (UTC) FILETIME=[164CB540:01CB5F1C] X-Brightmail-Tracker: AAAAAA== X-Spam-Score: -1.9 (-) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:72117 Archived-At: On Tue, 28 Sep 2010 16:17:57 +0200 Lars Magne Ingebrigtsen wrote: LMI> I find it sort of puzzling that we have to jump through all these hoops LMI> to get at credentials. I mean, Firefox users don't have to set up a gpg LMI> agent or type their passwords a gazillion times, so why should users? Look at it the other way: why shouldn't they set up a GPG agent or enter a passphrase? (assuming that entering the passphrase more than once is a bug I plan to fix) With the Secrets API they don't need even that much (you should really try it), but there's a baseline of "I am authorized to open a secure file." By comparison, Chrome and Firefox store passwords in a format that's pretty easy to decrypt and only requires reading files (e.g. see http://www.blogsdna.com/12040/how-to-recover-stored-google-chrome-passwords.htm) The user can always set up an unencrypted file if he doesn't like encryption. So I'd argue that Emacs has, practically speaking, better security *externally* than Firefox, Chrome, or most other web browsers with a authinfo.gpg file. Now from the inside, yes, it's a candy store of passwords, and that's a concern. But Doing It Right requires a lot of infrastructure that Emacs Lisp doesn't have. And Firefox and Chrome extensions can get at your passwords too AFAIK. LMI> So here's my thought: If there was a C-level function that would slurp LMI> in your ~/.authinfo.gpg data, and then let you use it, but without LMI> actually ever letting a Lisp-level function see the passwords -- LMI> wouldn't that be nice? LMI> Here's how I see it working: LMI> 1) Gnus calls (authinfo-store-tokens "~/.authinfo.gpg"), and the user is LMI> (probably) prompted for a password. LMI> 2) The data is stored in the C layer, probably obfuscated in some way. LMI> 3) A new C function is added: LMI> (process-send-auth process "LOGIN larsi %p\n\r" LMI> '((:hosts ("imap.gmail.com")) LMI> (:ports ("imaps" "imap" 443)) LMI> (:user ("larsi")))) LMI> This function would then work just like `process-send-string', only that LMI> it roots out the first matching password from the auth info first, and LMI> expand the string sent. LMI> That way the Lisp application layer will never actually see the LMI> password, but it will be able to control what's otherwise being sent, LMI> and what credentials to use in a flexible manner. You're basically describing the Secrets API, which does this over D-Bus, allows saving a password, and has many other features. So we could have (auth-source-upload-secrets "authinfo.gpg") to do (1) differentially or as an overwrite and then (2) and (3) would Just Work persistently. Ted