From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: [PATCH] Add GPG compatible symmetric encryption command
Date: Sat, 08 Feb 2014 11:27:34 -0500 [thread overview]
Message-ID: <871tzdbmdl.fsf@lifelogs.com> (raw)
In-Reply-To: 87ha8a2kax.fsf-ueno@gnu.org
On Sat, 08 Feb 2014 15:24:54 +0900 Daiki Ueno <ueno@gnu.org> wrote:
DU> Ted Zlatanov <tzz@lifelogs.com> writes:
>> Meanwhile, would you consider continuing with your patch to the point
>> where Lars can use it from Gnus?
DU> I wouldn't take that risk, sorry. Emacs will soon get CVE numbers
DU> assigned, unless the patch will be carefully reviewed by experts and
DU> actively maintained. I already found a few flaws that may lead to a
DU> security hole.
OK, I understand your concerns.
DU> Let's look at your patch:
DU> http://lists.gnu.org/archive/html/emacs-devel/2013-10/msg00144.html
DU> Ouch. Why do you expose IV to Elisp and don't use any salt? Are you
DU> aware that you are negating security doing secret key operation in
DU> Elisp? Why do you always allocate new memory for key on heap,
DU> plaintext, cipher, and why don't you clear them. How do you check if
DU> password is correct or wrong.
DU> It's much worse than I expected. I'm afraid to say you can't write any
DU> security related code that people can depend on, at this skill level.
I acknowledged your patch was a better approach. Your criticism is
valid, regardless.
My goal was to make the acceptance tests, which are 90% of the code, and
to show a proof of concept for the API. The code was not intended to go
into the core in that shape. As I said:
"I would appreciate any comments at this early stage." and more recently
"I'm sure it could use similar thoroughness [to your patch]."
It was rejected for reasons other than code quality so I saw no point in
improving it further. When I continue, it will be modeled after your
patch and probably structured as an EPG plugin.
I'll also note that the integration of the hash functions is a large
part of my patch and probably does not need as much review or fixing.
Those functions seem (from a casual reading) to be better optimized and
to offer more choice than the ones in the Emacs core. Going through
FFI, however, *may* negate the speed benefits. So perhaps importing
just the hashing functions directly would be practically useful.
DU> I'd suggest to read GNUTLS or GnuPG code to learn how practical
DU> encryption code works. Perhaps my patch might also give you some
DU> inspiration.
It did, and I think it's good code and a good direction. It's a shame
you don't want to continue with it.
Ted
prev parent reply other threads:[~2014-02-08 16:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-07 8:36 [PATCH] Add GPG compatible symmetric encryption command Daiki Ueno
2014-02-07 11:09 ` Ted Zlatanov
2014-02-07 12:24 ` Daiki Ueno
2014-02-07 13:15 ` Ted Zlatanov
2014-02-08 6:24 ` Daiki Ueno
2014-02-08 16:27 ` Ted Zlatanov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871tzdbmdl.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).