From: Ted Zlatanov <tzz@lifelogs.com>
To: ding@gnus.org
Subject: Re: Emacs Cloud
Date: Mon, 10 Feb 2014 08:32:59 -0500 [thread overview]
Message-ID: <87wqh36qk4.fsf@lifelogs.com> (raw)
In-Reply-To: <m3sirrqrxc.fsf-ueno@gnu.org>
On Mon, 10 Feb 2014 17:43:11 +0900 Daiki Ueno <ueno@gnu.org> wrote:
DU> I wasn't really following the discussion, but I now suspect the use of
DU> symmetric encryption here might be irrelevant in the first place. Do
DU> you plan to use untrusted (even authenticated, e.g. Gmail) IMAP servers
DU> for file sharing, right?
DU> If so, those symmetrically encrypted data can be a target of dictionary
DU> attacks. You will be giving unlimited time to attackers (or server
DU> admins) cracking your encrypted data.
Primarily, the data is the Gnus configuration (including topology) and
group marks, the newsrc.eld IIUC. Encrypting it may not justify the
full asymmetric infrastructure, especially with the use cases of "you're
a guest on a machine without the ability to install software" and
"you're a guest on a machine and you can't obtain a GnuPG agent
connection to a secure machine" (both common in corporate settings).
It's still a concern, though, as the Gnus newsrc can at least indicate
your reading habits. I personally don't bother to hide or encrypt my
newsrc.eld on shared machines, but wouldn't want it easily exposed to
IMAP server admins. I think it should be a user choice how that data
should be encrypted.
Lars mentioned he would like to put the authinfo data in the cloud as
well. I think *that* should definitely require an explicit choice by
the user and it would make sense to apply asymmetric encryption to that
data specifically, if the authinfo is already encrypted (has the .gpg
extension).
Either way, I plan to treat the authinfo data as keychain entries rather
than one big block of data, storing them separately and allowing them to
be updated individually. That would mitigate the dictionary attack risk
even with symmetric encryption. auth-source.el will need some work, but
it's due for a refactoring anyhow.
The "encrypted tokens" I added and the plist support you added in
auth-source could also be useful here to mitigate the risk, since
decrypting the authinfo lines doesn't give access to the secrets.
However we approach it, I think the user should have some choice in the
matter and we should allow for the two use cases I mentioned above.
Ted
next prev parent reply other threads:[~2014-02-10 13:32 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-01 4:55 Lars Ingebrigtsen
2014-02-01 10:11 ` Ted Zlatanov
2014-02-01 12:10 ` Rasmus
2014-02-01 16:49 ` Steinar Bang
2014-02-01 20:23 ` Rasmus
2014-02-01 21:37 ` Ted Zlatanov
2014-02-01 21:50 ` Andreas Schwab
2014-02-02 5:03 ` Ted Zlatanov
2014-02-02 8:23 ` Andreas Schwab
2014-02-04 12:55 ` Ted Zlatanov
2014-02-02 22:17 ` Steinar Bang
2014-02-01 20:48 ` Lars Ingebrigtsen
2014-02-01 21:43 ` Ted Zlatanov
2014-02-01 21:44 ` Lars Ingebrigtsen
2014-02-01 22:32 ` Lars Ingebrigtsen
2014-02-02 5:04 ` Ted Zlatanov
2014-02-02 5:14 ` Lars Ingebrigtsen
2014-02-02 5:21 ` Lars Ingebrigtsen
2014-02-02 17:17 ` Ted Zlatanov
2014-02-02 22:53 ` Lars Ingebrigtsen
2014-02-02 23:20 ` Julien Danjou
2014-02-02 23:22 ` Lars Ingebrigtsen
2014-02-02 23:39 ` Julien Danjou
2014-02-02 23:46 ` Lars Ingebrigtsen
2014-02-03 8:08 ` David Engster
2014-02-03 13:14 ` Tassilo Horn
2014-02-03 14:58 ` David Engster
2014-02-04 12:53 ` Ted Zlatanov
2014-02-04 13:25 ` David Engster
2014-02-06 0:49 ` Emacs Cloud (coverage and killed groups) Lars Ingebrigtsen
2014-02-07 2:49 ` Lars Ingebrigtsen
2014-02-07 8:56 ` Julien Danjou
2014-02-07 10:40 ` Peter Münster
2014-02-08 2:35 ` Lars Ingebrigtsen
2014-02-07 13:24 ` Ted Zlatanov
2014-02-03 14:53 ` Emacs Cloud Ted Zlatanov
2014-02-03 15:04 ` David Engster
2014-02-03 14:45 ` Ted Zlatanov
2014-02-02 17:20 ` Ted Zlatanov
2014-02-02 22:50 ` Lars Ingebrigtsen
2014-02-02 5:08 ` Ted Zlatanov
2014-02-05 7:46 ` Steinar Bang
2014-02-05 23:05 ` Lars Ingebrigtsen
2014-02-05 23:06 ` Lars Ingebrigtsen
2014-02-07 13:28 ` Ted Zlatanov
2014-02-08 4:13 ` Lars Ingebrigtsen
2014-02-10 8:43 ` Daiki Ueno
2014-02-10 13:32 ` Ted Zlatanov [this message]
2014-02-11 12:14 ` Lars Ingebrigtsen
2014-02-11 13:25 ` Daiki Ueno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wqh36qk4.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).