From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: Moving files from lisp/gnus/ to lisp/net/? Date: Tue, 02 Nov 2004 13:30:58 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <4nfz3s6r31.fsf@lifelogs.com> References: <2366.81.51.30.174.1098020712.squirrel@yxa.extundo.com> <4nekjd9vqk.fsf@lifelogs.com> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1099420347 10038 80.91.229.6 (2 Nov 2004 18:32:27 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 2 Nov 2004 18:32:27 +0000 (UTC) Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 02 19:32:15 2004 Return-path: Original-Received: from lists.gnu.org ([199.232.76.165]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1CP3S3-0006O5-00 for ; Tue, 02 Nov 2004 19:32:15 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1CP3a7-0004JK-5k for ged-emacs-devel@m.gmane.org; Tue, 02 Nov 2004 13:40:35 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1CP3Z4-0003jV-QL for emacs-devel@gnu.org; Tue, 02 Nov 2004 13:39:31 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1CP3Z3-0003ir-P9 for emacs-devel@gnu.org; Tue, 02 Nov 2004 13:39:30 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1CP3Z3-0003iE-5h for emacs-devel@gnu.org; Tue, 02 Nov 2004 13:39:29 -0500 Original-Received: from [80.91.229.2] (helo=main.gmane.org) by monty-python.gnu.org with esmtp (Exim 4.34) id 1CP3Qw-0005c5-Qe for emacs-devel@gnu.org; Tue, 02 Nov 2004 13:31:07 -0500 Original-Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1CP3Qv-0003vf-00 for ; Tue, 02 Nov 2004 19:31:05 +0100 Original-Received: from asimov.bwh.harvard.edu ([134.174.9.63]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 02 Nov 2004 19:31:05 +0100 Original-Received: from tzz by asimov.bwh.harvard.edu with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 02 Nov 2004 19:31:05 +0100 X-Injected-Via-Gmane: http://gmane.org/ Original-To: emacs-devel@gnu.org Original-Lines: 25 Original-X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: asimov.bwh.harvard.edu X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux) Cancel-Lock: sha1:o++GjFfm+vdIQiOnYJiWSDGHFCM= X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:29336 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:29336 On Mon, 01 Nov 2004, jas@extundo.com wrote: > I understand the problem. One solution is to simply not use > encryption methods that doesn't provide integrity? Then the > decryption process would know if the password worked or not. We could do that, but I think it would be a loss to the users. > I believe that, in general, encryption mechanisms that do not offer > integrity protection are questionable. The XOR key derivation from > password seem a bit fragile, too. On the other hand, I realize that > only using GnuPG may create more work for the user. There are many reasons why the XOR cipher is desirable - not the least of which is that it depends on nothing and is very fast. Encryption is just a deterrent, like any other kind of data security, so it makes sense to have something trivial in addition to the real methods like GnuPG. You are right, however, that GnuPG can indicate that decryption failed. So maybe some ciphers should have the property :fail-aware and the code will do the passwords accordingly. Do you think this is the right approach? Ted