Gnus development mailing list
From: Simon Josefsson <jas@extundo.com>
Subject: Re: netrc.el now supports encoded files
Date: Tue, 06 Jan 2004 21:24:28 +0100
Message-ID: <ilu1xqcesg3.fsf@latte.josefsson.org>
In-Reply-To: <4n8ykkzw59.fsf@collins.bwh.harvard.edu> (Ted Zlatanov's message of "Tue, 06 Jan 2004 14:58:58 -0500")

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Tue, 6 Jan 2004, jas@extundo.com wrote:
>
>> IMHO, use GnuPG instead of OpenSSL.  I'm trying to remove the last
>> OpenSSL dependencies from Gnus (ssl.el and sha1-el.el are done, I'm
>> working on starttls.el, smime.el is the next step).  Perhaps
>> supporting OpenSSL as well is OK, but I think the defaults should be
>> to use GNU tools where available.
>
> Sure.  I don't use GnuPG, so if someone who does could give me the
> command lines I'll be glad to add the Lisp code to netrc.el.
> Actually I may move it all to gnus-encrypt.el or something like that.

Or a crypt+++.el.  It is a generally useful feature, so perhaps it is
worth the effort to separate it from Gnus.

>> I wrote an elisp AES implementation some time ago
>> (<http://josefsson.org/aes/>) but I'm not sure using it is a good
>> idea, password based file encryption is more complicated than the
>> block cipher primitive.
>
> That looks useful in theory, but it's very slow.  I was hoping for a
> faster cipher.  Should I just turn down rijndael-monte-carlo-limit
> and rijndael-monte-carlo-loop or would that make the cipher
> significantly less secure?  I don't know AES so I can't judge that.

The monte carlo stuff is only for the self-tests.  The self tests are
very slow, but encrypting a few kilobytes of a .netrc should not be a
problem speed-wise.

> The interface is pretty complicated (the string and key lengths are
> limited).  Can we have a simple encrypt/decrypt function?

The AES specification limits the key lengths and block lengths; if you
need arbitrary data lengths or password-to-key derivation, you must
invent your own -- or preferably, use something prepackaged, like CMS
or OpenPGP.

I'm not sure the current netrc.el approach should be advertised as
secure; there is more to file encryption than using some block cipher
in CBC mode, and deriving the key and iv from a password.  It is more
like obfuscation.  OTOH, obfuscation is what people seem to want.  If
the reason people want obfuscation is that real security is too costly
to set up, using GnuPG for .netrc is probably a good idea -- it is as
easy to use as the current netrc.el appears to be, and at least it
aspires to be secure.
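
The GnuPG route suggested in this message, as an added example that is not part of the original post or of Gnus: OpenPGP symmetric encryption of a .netrc, where gpg itself handles the password-to-key derivation and arbitrary data length that the bare AES primitive leaves open. The function names are hypothetical, and the script assumes GnuPG 2.1 or later installed as `gpg`.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are
# hypothetical; assumes GnuPG 2.1 or later is installed as `gpg`.
# The passphrase is read from stdin so it never appears in argv.

# netrc_encrypt PLAIN OUT: write an OpenPGP symmetric-encrypted copy of PLAIN.
netrc_encrypt() {
    ( umask 077   # keep the encrypted file private to the owner as well
      gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
          --symmetric --cipher-algo AES256 --output "$2" "$1" )
}

# netrc_decrypt ENC: print the plaintext on stdout; nothing is written to disk.
netrc_decrypt() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt "$1"
}

# netrc_password ENC MACHINE: print the password stored for MACHINE.
# The decrypted text is split into one token per line, then scanned for
# "machine <name>" followed later by "password <value>".
netrc_password() {
    netrc_decrypt "$1" | tr -s ' \t' '\n\n' | awk -v host="$2" '
        prev == "machine"                 { cur = $0 }
        prev == "password" && cur == host { print; found = 1; exit }
                                          { prev = $0 }
        END                               { exit !found }'
}
```

Interactively, `gpg --symmetric ~/.netrc` prompts for the passphrase and writes `~/.netrc.gpg`.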
