From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/39331 Path: main.gmane.org!not-for-mail From: Per Abrahamsen Newsgroups: gmane.emacs.gnus.general Subject: Re: Cancel locks? Date: Wed, 17 Oct 2001 13:10:43 +0200 Organization: The Church of Emacs Sender: owner-ding@hpc.uh.edu Message-ID: References: NNTP-Posting-Host: coloc-standby.netfonds.no Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1035175054 27315 80.91.224.250 (21 Oct 2002 04:37:34 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Mon, 21 Oct 2002 04:37:34 +0000 (UTC) Return-Path: Original-Received: (qmail 17137 invoked from network); 17 Oct 2001 11:11:42 -0000 Original-Received: from malifon.math.uh.edu (mail@129.7.128.13) by mastaler.com with SMTP; 17 Oct 2001 11:11:42 -0000 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 15tobf-0005Gv-00; Wed, 17 Oct 2001 06:11:27 -0500 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Wed, 17 Oct 2001 06:11:05 -0500 (CDT) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id GAA03023 for ; Wed, 17 Oct 2001 06:10:55 -0500 (CDT) Original-Received: (qmail 17114 invoked by alias); 17 Oct 2001 11:11:11 -0000 Original-Received: (qmail 17109 invoked from network); 17 Oct 2001 11:11:11 -0000 Original-Received: from sheridan.dina.kvl.dk (130.225.40.227) by gnus.org with SMTP; 17 Oct 2001 11:11:11 -0000 Original-Received: from ssv2.dina.kvl.dk (ssv2.dina.kvl.dk [130.225.40.226]) by sheridan.dina.kvl.dk (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id NAA02416; Wed, 17 Oct 2001 13:10:43 +0200 Original-Received: from abraham by ssv2.dina.kvl.dk with local (Exim 3.12 #1 (Debian)) id 15toax-0004tO-00; Wed, 17 Oct 2001 13:10:43 +0200 Original-To: ding@gnus.org X-Face: +kRV2]2q}lixHkE{U)mY#+6]{AH=yN~S9@IFiOa@X6?GM|8MBp/ In-Reply-To: (Simon Josefsson's message of "Wed, 17 Oct 2001 13:00:03 +0200 (CEST)") Original-Lines: 23 User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.106 Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:39331 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:39331 Simon Josefsson writes: > Customize auto-save it, initialized to something random [1]? But the user > should then be informed about keeping .emacs read-protected in multi-user > environments. Which is a can of worms that shouldn't be opened. Sigh. If it is auto-generated, keeping .emacs read only is not really that important, as there currently are no real security with cancels. Anyone can cancel messages from anybody. If servers start honoring cancel locks, it become more important, as keeping the password secret will then buy you some extra security. If it is given by the user, the danger is larger, as he might use the same password for something important. > [1] There isn't a good PRNG available in elisp... Hm. Maybe a random > number library would be nice. Mostly we need some random data. Probably the time and pid is enough for this low impact use, in particular if the password is generated when the user start Gnus the first time, and not when he post the first time (in which case the time will be visible to an attacker in the Date header).