Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
* Re: encrypting .authinfo?
       [not found] <4nd6amuhne.fsf@collins.bwh.harvard.edu>
@ 2003-12-19 13:28 ` Jesper Harder
  2003-12-23 17:52   ` Ted Zlatanov
       [not found] ` <m31xr01ex3.fsf@peorth.gweep.net>
  1 sibling, 1 reply; 5+ messages in thread
From: Jesper Harder @ 2003-12-19 13:28 UTC (permalink / raw)


Ted Zlatanov <tzz@lifelogs.com> writes:

> I only use my ~/.authinfo for Gnus.  Is there a way to have it stored
> encrypted on disk, and have Gnus retrieve it and decrypt it
> automatically (given a passphrase of course)?  I can extend netrc.el,
> but I was hoping this already existed for Gnus or Emacs in general.

crypt++.el, maybe?  I don't know if it'll work for .authinfo, but it's
intended for transparent en/decryption of files.



* Re: encrypting .authinfo?
       [not found]     ` <m3smjgkl11.fsf@peorth.gweep.net>
@ 2003-12-20  8:16       ` Simon Josefsson
  2003-12-21  4:29       ` Steven E. Harris
  1 sibling, 0 replies; 5+ messages in thread
From: Simon Josefsson @ 2003-12-20  8:16 UTC (permalink / raw)


Stainless Steel Rat <ratinox@peorth.gweep.net> writes:

> * Steven Elliot Harris <seharris@raytheon.com>  on Fri, 19 Dec 2003
> | I'll bite. If .authinfo contains several passwords for different
> | servers, it's more of a password "vault" with a single key. For every
> | password I add to the unencrypted file, I'm adding risk of exposure in
> | trade for convenience. Adding a password to encrypt the file restores
> | a single point of security to multiple points of convenience.
>
> .authinfo is mostly known or easily obtained plain text, including the
> machine, login and password keywords, your login name and the names or IP
> addresses of your NNTP servers.  This makes it vulnerable to known plain
> text attacks.  Encrypting .authinfo will keep out casual snoopers,
> but you can already do that with proper file permissions.  It will not stop
> a concerted attack.

Good tools are not vulnerable to known plain text attacks.  If
crypt++.el supports GnuPG, then that should suffice, but I'm not sure
if crypt++.el handles `insert-file-contents' which is what netrc.el
uses.  Perhaps netrc.el has to be changed slightly to support this.

> And by the way, that may be irrelevant.  Unless you use NNTP over SSL or
> through SSH tunnels, your credentials are sent in the clear for any packet
> sniffer to see.

Exactly.



* Re: encrypting .authinfo?
       [not found]     ` <m3smjgkl11.fsf@peorth.gweep.net>
  2003-12-20  8:16       ` Simon Josefsson
@ 2003-12-21  4:29       ` Steven E. Harris
  1 sibling, 0 replies; 5+ messages in thread
From: Steven E. Harris @ 2003-12-21  4:29 UTC (permalink / raw)


Stainless Steel Rat <ratinox@peorth.gweep.net> writes:

> If you are genuinely concerned about the security of your NNTP
> passwords then you should not use a .authinfo file at all, or keep
> it on removable media like a USB key fob (which is also great for
> storing your PGP/GPG keys and other important stuff).

That's a good point. My main concern is that if someone steals my
laptop and is able to obtain Administrator-level access, he can
override any restrictive file permissions I have established. The
.authinfo file extends the range of the thief's acquisition. Not only
does he have my files in hand, but he now has access to my various
remote accounts as well.

Encrypting .authinfo with GPG would put me at ease. The problem is
that I don't want to have to manually decrypt it to a file every time
I start Gnus, then clean up the plain text copy afterward.

> And by the way, that may be irrelevant.  Unless you use NNTP over
> SSL or through SSH tunnels, your credentials are sent in the clear
> for any packet sniffer to see.

This has been bothering me. My ISP's news server requires login
credentials. The nice aspect is that I can use the server from any
connection. The dangerous aspect is as you note: my account password,
useful to log into the mail server or into my shell account, is being
sent around as plain text. It would be better to have a separate
password established just to cover news server logins. If that
password gets sniffed, the only loss is another user logging into the
news server under my guise. He would not have all my keys in
hand. Perhaps I should take this up with my ISP.

-- 
Steven E. Harris
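
[Added example, not part of any message in this thread: a small audit of a netrc-style .authinfo file for the exposures raised above (file mode, one password reused across several servers, entries on cleartext ports). The host names, passwords and the CLEARTEXT_PORTS set are constructed assumptions.]

```python
import os
import shlex
import stat
import tempfile
from collections import defaultdict

# Constructed sample in .authinfo/netrc syntax; hosts and secrets are made up.
SAMPLE = """\
machine news.example.net login alice password s3cret-shared port nntp
machine mail.example.net login alice password s3cret-shared port imaps
machine news.example.org login alice password news-only-pw port nntps
"""
# Assumption: these port names/numbers mean no TLS wrapper and no tunnel.
CLEARTEXT_PORTS = {"nntp", "119", "imap", "143", "pop3", "110"}

def parse_authinfo(text):
    """Parse 'machine H login U password P [port X]' lines into dicts."""
    rows = (shlex.split(line, comments=True) for line in text.splitlines())
    entries = [dict(zip(t[0::2], t[1::2])) for t in rows]
    return [e for e in entries if "machine" in e]

def audit(path):
    """Return findings as strings; passwords never appear in the output."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond owner, want 0600")
    with open(path, encoding="utf-8") as fh:
        entries = parse_authinfo(fh.read())
    machines_by_password = defaultdict(list)  # kept in memory only
    for e in entries:
        if "password" in e:
            machines_by_password[e["password"]].append(e["machine"])
        if e.get("port") in CLEARTEXT_PORTS:
            findings.append(f"{e['machine']}: port {e['port']} is cleartext")
    for machines in machines_by_password.values():
        if len(machines) > 1:
            findings.append("password shared by: " + ", ".join(machines))
    return findings

def demo():
    """Audit SAMPLE written to a temp file with deliberately loose mode 0644."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "authinfo")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit(path)
```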



* Re: encrypting .authinfo?
       [not found] ` <m31xr01ex3.fsf@peorth.gweep.net>
       [not found]   ` <831xr02pvp.fsf@torus.sehlabs.com>
@ 2003-12-23 17:36   ` Ted Zlatanov
  1 sibling, 0 replies; 5+ messages in thread
From: Ted Zlatanov @ 2003-12-23 17:36 UTC (permalink / raw)


On Fri, 19 Dec 2003, ratinox@peorth.gweep.net wrote:

> * Ted Zlatanov <tzz@lifelogs.com>  on Thu, 18 Dec 2003
>| I only use my ~/.authinfo for Gnus.  Is there a way to have it
>| stored encrypted on disk, and have Gnus retrieve it and decrypt it
>| automatically (given a passphrase of course)?  I can extend
>| netrc.el, but I was hoping this already existed for Gnus or Emacs
>| in general.
> 
> Question: since you have to type a password to decrypt the authinfo
> file, which stores a password, how is this two-stage system better
> (more secure) than typing a password when Gnus asks for it?

Because I have more than one entry in my authinfo file.

Ted



* Re: encrypting .authinfo?
  2003-12-19 13:28 ` encrypting .authinfo? Jesper Harder
@ 2003-12-23 17:52   ` Ted Zlatanov
  0 siblings, 0 replies; 5+ messages in thread
From: Ted Zlatanov @ 2003-12-23 17:52 UTC (permalink / raw)


On Fri, 19 Dec 2003, harder@myrealbox.com wrote:

> Ted Zlatanov <tzz@lifelogs.com> writes:
> 
>> I only use my ~/.authinfo for Gnus.  Is there a way to have it
>> stored encrypted on disk, and have Gnus retrieve it and decrypt it
>> automatically (given a passphrase of course)?  I can extend
>> netrc.el, but I was hoping this already existed for Gnus or Emacs
>> in general.
> 
> crypt++.el, maybe?  I don't know if it'll work for .authinfo, but
> it's intended for transparent en/decryption of files.

Has anyone used it?  I don't want to commit to linking netrc.el and
crypt++.el if the latter is not ready.  Furthermore, I'd like
something that worked inside Gnus without external packages - maybe
using the common Unix "crypt" program or even implementing a simple
encryption/decryption algorithm in ELisp.

Ted


