From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/84219
Path: news.gmane.org!not-for-mail
From: Daiki Ueno <ueno@gnu.org>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Emacs Cloud
Date: Tue, 11 Feb 2014 22:25:57 +0900
Message-ID: <87y51hlr16.fsf-ueno@gnu.org>
References: <877g9fxwih.fsf@building.gnus.org>
	<87d2j140t1.fsf@building.gnus.org> <87lhxnaw6g.fsf@lifelogs.com>
	<877g966y3u.fsf@building.gnus.org> <m3sirrqrxc.fsf-ueno@gnu.org>
	<87a9dxkfrj.fsf@building.gnus.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1392125199 3536 80.91.229.3 (11 Feb 2014 13:26:39 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 11 Feb 2014 13:26:39 +0000 (UTC)
Cc: ding@gnus.org
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: ding-owner+M32471@lists.math.uh.edu Tue Feb 11 14:26:46 2014
Return-path: <ding-owner+M32471@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <ding-owner+M32471@lists.math.uh.edu>)
	id 1WDDMJ-0006zd-Jl
	for ding-account@gmane.org; Tue, 11 Feb 2014 14:26:43 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M32471@lists.math.uh.edu>)
	id 1WDDLp-0007ux-Ad; Tue, 11 Feb 2014 07:26:13 -0600
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <ueno@gnu.org>)
	id 1WDDLm-0007uf-FY
	for ding@lists.math.uh.edu; Tue, 11 Feb 2014 07:26:10 -0600
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtps (TLSv1:AES128-SHA:128)
	(Exim 4.76)
	(envelope-from <ueno@gnu.org>)
	id 1WDDLh-0000Sj-JD
	for ding@lists.math.uh.edu; Tue, 11 Feb 2014 07:26:10 -0600
Original-Received: from fencepost.gnu.org ([208.118.235.10] ident=Debian-exim)
	by quimby.gnus.org with esmtp (Exim 4.80)
	(envelope-from <ueno@gnu.org>)
	id 1WDDLg-0004oI-1o; Tue, 11 Feb 2014 14:26:04 +0100
Original-Received: from du-a.org ([2001:e41:db5e:fb14::1]:58371 helo=debian)
	by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71)
	(envelope-from <ueno@gnu.org>)
	id 1WDDLe-0004DF-8V; Tue, 11 Feb 2014 08:26:02 -0500
In-Reply-To: <87a9dxkfrj.fsf@building.gnus.org> (Lars Ingebrigtsen's message
	of "Tue, 11 Feb 2014 04:14:40 -0800")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
X-Spam-Score: -8.5 (--------)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:84219
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/84219>

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Somebody that runs an IMAP server for you already has some of your
> credentials on hand, as well as the data from a thousand password
> resets emails.

They are usually one-time use.  I'm talking about off-line dictionary
attacks.  They could use a gazillion of computers (off-line) cracking
your encryption passwords to see your credentials inside ~/.authinfo,
including ones for other IMAP servers.

> 2) Symmetric encryption is good enough for this use case.

I still don't get why you concluded this is "good enough".  IMHO, the
use of symmetric encryption here is nothing but obfuscation.  Why not
compress+base64 is good enough?

Anyway, I'd suggest to warn users about

- what data will be stored on remote server
- how it will be protected

when setting up, at least.

Regards,
-- 
Daiki Ueno