From: Daiki Ueno <ueno@gnu.org>
To: Lars Ingebrigtsen <larsi@gnus.org>
Cc: ding@gnus.org
Subject: Re: Emacs Cloud
Date: Tue, 11 Feb 2014 22:25:57 +0900 [thread overview]
Message-ID: <87y51hlr16.fsf-ueno@gnu.org> (raw)
In-Reply-To: <87a9dxkfrj.fsf@building.gnus.org> (Lars Ingebrigtsen's message of "Tue, 11 Feb 2014 04:14:40 -0800")
Lars Ingebrigtsen <larsi@gnus.org> writes:
> Somebody that runs an IMAP server for you already has some of your
> credentials on hand, as well as the data from a thousand password
> resets emails.
They are usually one-time use. I'm talking about off-line dictionary
attacks. They could use a gazillion of computers (off-line) cracking
your encryption passwords to see your credentials inside ~/.authinfo,
including ones for other IMAP servers.
> 2) Symmetric encryption is good enough for this use case.
I still don't get why you concluded this is "good enough". IMHO, the
use of symmetric encryption here is nothing but obfuscation. Why not
compress+base64 is good enough?
Anyway, I'd suggest to warn users about
- what data will be stored on remote server
- how it will be protected
when setting up, at least.
Regards,
--
Daiki Ueno
prev parent reply other threads:[~2014-02-11 13:25 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-01 4:55 Lars Ingebrigtsen
2014-02-01 10:11 ` Ted Zlatanov
2014-02-01 12:10 ` Rasmus
2014-02-01 16:49 ` Steinar Bang
2014-02-01 20:23 ` Rasmus
2014-02-01 21:37 ` Ted Zlatanov
2014-02-01 21:50 ` Andreas Schwab
2014-02-02 5:03 ` Ted Zlatanov
2014-02-02 8:23 ` Andreas Schwab
2014-02-04 12:55 ` Ted Zlatanov
2014-02-02 22:17 ` Steinar Bang
2014-02-01 20:48 ` Lars Ingebrigtsen
2014-02-01 21:43 ` Ted Zlatanov
2014-02-01 21:44 ` Lars Ingebrigtsen
2014-02-01 22:32 ` Lars Ingebrigtsen
2014-02-02 5:04 ` Ted Zlatanov
2014-02-02 5:14 ` Lars Ingebrigtsen
2014-02-02 5:21 ` Lars Ingebrigtsen
2014-02-02 17:17 ` Ted Zlatanov
2014-02-02 22:53 ` Lars Ingebrigtsen
2014-02-02 23:20 ` Julien Danjou
2014-02-02 23:22 ` Lars Ingebrigtsen
2014-02-02 23:39 ` Julien Danjou
2014-02-02 23:46 ` Lars Ingebrigtsen
2014-02-03 8:08 ` David Engster
2014-02-03 13:14 ` Tassilo Horn
2014-02-03 14:58 ` David Engster
2014-02-04 12:53 ` Ted Zlatanov
2014-02-04 13:25 ` David Engster
2014-02-06 0:49 ` Emacs Cloud (coverage and killed groups) Lars Ingebrigtsen
2014-02-07 2:49 ` Lars Ingebrigtsen
2014-02-07 8:56 ` Julien Danjou
2014-02-07 10:40 ` Peter Münster
2014-02-08 2:35 ` Lars Ingebrigtsen
2014-02-07 13:24 ` Ted Zlatanov
2014-02-03 14:53 ` Emacs Cloud Ted Zlatanov
2014-02-03 15:04 ` David Engster
2014-02-03 14:45 ` Ted Zlatanov
2014-02-02 17:20 ` Ted Zlatanov
2014-02-02 22:50 ` Lars Ingebrigtsen
2014-02-02 5:08 ` Ted Zlatanov
2014-02-05 7:46 ` Steinar Bang
2014-02-05 23:05 ` Lars Ingebrigtsen
2014-02-05 23:06 ` Lars Ingebrigtsen
2014-02-07 13:28 ` Ted Zlatanov
2014-02-08 4:13 ` Lars Ingebrigtsen
2014-02-10 8:43 ` Daiki Ueno
2014-02-10 13:32 ` Ted Zlatanov
2014-02-11 12:14 ` Lars Ingebrigtsen
2014-02-11 13:25 ` Daiki Ueno [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y51hlr16.fsf-ueno@gnu.org \
--to=ueno@gnu.org \
--cc=ding@gnus.org \
--cc=larsi@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).