From: Simon Josefsson <jas@extundo.com>
Subject: Re: netrc.el now supports encoded files
Date: Wed, 07 Jan 2004 00:35:31 +0100 [thread overview]
Message-ID: <ilu65fobqgs.fsf@latte.josefsson.org> (raw)
In-Reply-To: <4nsmisy8lb.fsf@collins.bwh.harvard.edu> (Ted Zlatanov's message of "Tue, 06 Jan 2004 18:13:04 -0500")
Ted Zlatanov <tzz@lifelogs.com> writes:
>> The AES specification limit the key lengths and block lengths, if
>> you need arbitrary data lengths or password-to-key derivation, you
>> must invent your own -- or preferably, use something prepackaged,
>> like CMS or OpenPGP.
>
> OK, so we're back to external utilities... Maybe I'll prepend a
> number to the string, so I know the length of the data, and then pad
> it to the multiple that rijndael.el likes. I'd really like a
> built-in cipher so we don't depend on any external utilities, even if
> it's less secure.
I agree built-in is good. What we need is a password-to-key function.
PBKDF2 from PKCS#5 is simple to implement. IIRC, both arbitrary data
lengths and integrity protection of data could be solved by using CCM
mode (RFC 3610). Perhaps even a limited OpenPGP implementation is
realistic, PGG contains an OpenPGP parser now.
> Let's be realistic, most people want some security but a minimum of
> hassle. I think that netrc.el should actually complain if the netrc
> file is plain text in future Gnus versions, *unless* the user says
> it's OK. Whatever scheme we use, it's better than nothing.
Depends somewhat on if .authinfo is considered a Gnus file. Perhaps
someone is symlinking it to .netrc, which is a standard file used by
other applications.
>> If the reason people want obfuscation is that real security is too
>> costly to set up, using GnuPG for .netrc is probably a good idea --
>> it is as easy to use as the current nerc.el appear to be, and at
>> least it aspires to be secure.
>
> I don't think there's Gnus support for any sort of encryption of netrc
> files using GnuPG right now. How would one set that up? It was the
> lack of such support that made me sit down and modify netrc.el.
Right, I was talking about the hypothetical GnuPG support in netrc.el.
next prev parent reply other threads:[~2004-01-06 23:35 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-05 23:22 Ted Zlatanov
2004-01-05 23:34 ` Jesper Harder
2004-01-06 1:02 ` Ted Zlatanov
2004-01-06 0:13 ` Steven E. Harris
2004-01-06 1:01 ` Ted Zlatanov
2004-01-06 21:57 ` Chris Green
2004-01-06 23:00 ` Ted Zlatanov
2004-01-06 23:25 ` Simon Josefsson
2004-01-06 23:58 ` Ted Zlatanov
2004-01-07 0:09 ` Simon Josefsson
2004-01-07 2:53 ` Lars Magne Ingebrigtsen
2004-01-08 22:03 ` Ted Zlatanov
2004-01-27 19:44 ` Ted Zlatanov
2004-01-07 14:47 ` Chris Green
2004-01-08 20:48 ` Ted Zlatanov
2004-01-06 13:28 ` Simon Josefsson
2004-01-06 19:58 ` Ted Zlatanov
2004-01-06 20:24 ` Simon Josefsson
2004-01-06 20:59 ` Steven E. Harris
2004-01-06 22:00 ` Simon Josefsson
2004-01-06 22:24 ` Simon Josefsson
2004-01-06 22:56 ` Ted Zlatanov
2004-01-06 23:13 ` Ted Zlatanov
2004-01-06 23:35 ` Simon Josefsson [this message]
2004-01-06 20:33 ` Simon Josefsson
2004-01-06 23:14 ` Ted Zlatanov
2004-01-06 23:19 ` Richard Hoskins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ilu65fobqgs.fsf@latte.josefsson.org \
--to=jas@extundo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).