From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?
Date: Thu, 01 Jun 2023 10:11:57 +0300
Message-ID: <83353bejwi.fsf@gnu.org>
References: <87fs7dnd1u.fsf@localhost> <6503151d-13be-f299-24a2-76bb9d6fecc8@alphapapa.net> <83h6rse2zb.fsf@gnu.org> <871qivd6ek.fsf@localhost>
Cc: adam@alphapapa.net, emacs-devel@gnu.org, jschmidt4gnu@vodafonemail.de
To: Ihor Radchenko
In-Reply-To: <871qivd6ek.fsf@localhost> (message from Ihor Radchenko on Thu, 01 Jun 2023 06:48:51 +0000)

> From: Ihor Radchenko
> Cc: Adam Porter, emacs-devel@gnu.org,
> jschmidt4gnu@vodafonemail.de
> Date: Thu, 01 Jun 2023 06:48:51 +0000
>
> Eli Zaretskii writes:
>
> >> I think Emacs needs a new library to store Lisp data securely.
> >
> > Can't we use the GnuTLS cryptography functions, like
> > gnutls-symmetric-encrypt, for that?
>
> I think that it is not just about encryption.
> The API should also have ways to expire passwords and deal with a need
> to update them individually.

What would be the effect of expiring a password on stuff stored using
the password that just expired?  Would it mean I can no longer access
that stuff?  Or would it mean I must use a new password for storing new
stuff?  Or something else?

In any case, implementing some machinery for managing and expiring
passwords is relatively easy.
Cryptography, by contrast, is hard, so we should use industry-strength
implementations by experts for that, and I think GnuTLS is a good
candidate for that part, especially since Emacs without GnuTLS is
severely limited anyway (so we could assume "almost everyone" has it).

> multisession.el, AFAIU, only allows storing symbol values and the
> smallest piece of data.  But one cannot always dedicate a separate
> variable symbol for each password or secret.  An alist of (HOST .
> PASSWORD) often needs to be stored with each HOST having dedicated rules
> about expiry.

You are AFAIU talking about application layers about 2 levels above what
I was thinking about.  Before we discuss all those application-level
issues, we should decide how to store stuff securely, and that AFAIU
means some kind of encryption.  Which is why I mentioned GnuTLS and its
abilities exposed to Emacs Lisp.
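As an added illustration of the GnuTLS route mentioned above (this is not code from the thread, from Emacs, or from any of its contributors), the following Emacs Lisp encrypts a (HOST . PASSWORD) alist with gnutls-symmetric-encrypt using AES-256-GCM, so that a tampered blob, a wrong key or a wrong label is rejected rather than decrypted to garbage. The key is derived from a password with PBKDF2-HMAC-SHA256 built on gnutls-hash-mac, because Emacs exposes no PBKDF2 of its own; the nonce is generated by GnuTLS through the (iv-auto 12) IV form and returned alongside the ciphertext. The secstore- names, the constructed salt, the sample credentials and the iteration count are assumptions for the example only.

```elisp
;;; secstore-demo.el --- Encrypting Lisp data with Emacs's GnuTLS bindings
;; Added illustration, not Emacs code.  `secstore-' names are hypothetical.
;; Needs an Emacs built with GnuTLS (`gnutls-available-p').

(require 'cl-lib)

(defconst secstore-cipher 'AES-256-GCM
  "AEAD cipher: 32-byte key, 12-byte nonce, 16-byte tag (see `gnutls-ciphers').")

(defun secstore--xor (a b)
  "Byte-wise XOR of two equal-length unibyte strings."
  (apply #'unibyte-string (cl-mapcar #'logxor a b)))

(defun secstore-derive-key (password salt iterations &optional length)
  "PBKDF2-HMAC-SHA256 (RFC 8018) over PASSWORD and SALT via `gnutls-hash-mac'.
Returns LENGTH (default 32) key bytes as a unibyte string."
  (let* ((pw (encode-coding-string password 'utf-8))
         (salt (encode-coding-string salt 'utf-8))
         (length (or length 32))
         (blocks nil))
    (dotimes (i (ceiling length 32))
      (let* ((idx (1+ i))
             ;; U1 = PRF(P, S || INT(i)), INT(i) being 4 bytes big-endian.
             (u (gnutls-hash-mac 'SHA256 (copy-sequence pw)
                                 (concat salt (unibyte-string
                                               (logand (ash idx -24) 255)
                                               (logand (ash idx -16) 255)
                                               (logand (ash idx -8) 255)
                                               (logand idx 255)))))
             (acc u))
        (dotimes (_ (1- iterations))
          ;; `gnutls-hash-mac' wipes a KEY passed as a string, hence the copies.
          (setq u (gnutls-hash-mac 'SHA256 (copy-sequence pw) u))
          (setq acc (secstore--xor acc u)))
        (push acc blocks)))
    (clear-string pw)
    (substring (apply #'concat (nreverse blocks)) 0 length)))

(defun secstore-encrypt-sexp (sexp key &optional aad)
  "Serialize SEXP with `prin1-to-string' and encrypt it under the 32-byte KEY.
AAD, if given, is authenticated but not encrypted (e.g. a record label).
Returns (BLOB NONCE): BLOB is ciphertext with the 16-byte GCM tag appended,
which is how `gnutls-symmetric-encrypt' returns AEAD output."
  (let* ((plaintext (encode-coding-string (prin1-to-string sexp) 'utf-8))
         ;; A KEY given as a string is wiped by the call, so pass a copy.
         (result (gnutls-symmetric-encrypt secstore-cipher (copy-sequence key)
                                           '(iv-auto 12) plaintext aad)))
    (clear-string plaintext)            ; wipe the serialized secret
    result))

(defun secstore-decrypt-sexp (blob nonce key &optional aad)
  "Decrypt BLOB (ciphertext||tag) under KEY and NONCE, then `read' the datum.
Returns nil when the GCM tag fails: wrong key, nonce or AAD, or a tampered
BLOB.  The Lisp reader only ever sees authenticated plaintext."
  (let ((result (condition-case nil
                    (gnutls-symmetric-decrypt secstore-cipher (copy-sequence key)
                                              nonce blob aad)
                  (error nil))))
    (when result
      (let* ((raw (car result))
             (text (decode-coding-string raw 'utf-8))
             (sexp (car (read-from-string text))))
        (clear-string raw)
        (clear-string text)
        sexp))))

(defun secstore-demo ()
  "Round-trip a constructed (HOST . PASSWORD) alist and check tamper detection."
  (unless (and (gnutls-available-p) (assq secstore-cipher (gnutls-ciphers)))
    (error "This Emacs has no GnuTLS %s support" secstore-cipher))
  (let* ((salt "constructed-salt")      ; constructed; real stores keep a random salt with the blob
         (key (secstore-derive-key "correct horse battery staple" salt 10000))
         (secrets '(("imap.example.org" . "hunter2") ; constructed sample data
                    ("smtp.example.org" . "s3cr3t")))
         (label "host-credentials-v1")
         (enc (secstore-encrypt-sexp secrets key label))
         (blob (nth 0 enc))
         (nonce (nth 1 enc))
         (tampered (copy-sequence blob)))
    (aset tampered 0 (logxor (aref tampered 0) 1)) ; flip one ciphertext bit
    (prog1 (list :roundtrip (equal secrets (secstore-decrypt-sexp blob nonce key label))
                 :tamper-rejected (null (secstore-decrypt-sexp tampered nonce key label))
                 :wrong-aad-rejected (null (secstore-decrypt-sexp blob nonce key "other")))
      (clear-string key))))
```

Calling (secstore-demo) returns a plist whose three entries report whether the round trip succeeded and whether the bit-flipped blob and the mismatched label were both rejected. Two caveats a store built on these primitives has to respect: a GCM nonce must never repeat under one key, which (iv-auto 12) handles by drawing fresh random bytes per call, and clear-string only zeroes the single string object it is handed, so copies made by printing, reading, undo or other variables survive, which is exactly the retention problem this thread is about.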