Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
From: Simon Josefsson <jas@extundo.com>
Subject: Re: encrypting .authinfo?
Date: Sat, 20 Dec 2003 09:16:44 +0100
Message-ID: <iluu13vewer.fsf@latte.josefsson.org>
In-Reply-To: <m3smjgkl11.fsf@peorth.gweep.net>

Stainless Steel Rat <ratinox@peorth.gweep.net> writes:

> * Steven Elliot Harris <seharris@raytheon.com>  on Fri, 19 Dec 2003
> | I'll bite. If .authinfo contains several passwords for different
> | servers, it's more of a password "vault" with a single key. For every
> | password I add to the unencrypted file, I'm adding risk of exposure in
> | trade for convenience. Adding a password to encrypt the file restores
> | a single point of security to multiple points of convenience.
>
> .authinfo is mostly known or easily obtained plain text, including the
> machine, login and password keywords, your login name and the names or IP
> addresses of your NNTP servers.  This makes it vulnerable to known plain
> text attacks.  Encrypting .authinfo will keep out casual snoopers,
> but you can already do that with proper file permissions.  It will not stop
> a concerted attack.

Good tools are not vulnerable to known plain text attacks.  If
crypt++.el supports GnuPG, then that should suffice, but I'm not sure
if crypt++.el handles `insert-file-contents' which is what netrc.el
uses.  Perhaps netrc.el has to be changed slightly to support this.

> And by the way, that may be irrelevant.  Unless you use NNTP over SSL or
> through SSH tunnels, your credentials are sent in the clear for any packet
> sniffer to see.

Exactly.

