From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] Add GPG compatible symmetric encryption command Date: Sat, 08 Feb 2014 11:27:34 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <871tzdbmdl.fsf@lifelogs.com> References: <8761orch7y.fsf@lifelogs.com> <87ppmzw1p8.fsf-ueno@gnu.org> <87txcbawsi.fsf@lifelogs.com> <87ha8a2kax.fsf-ueno@gnu.org> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1391876868 20935 80.91.229.3 (8 Feb 2014 16:27:48 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 8 Feb 2014 16:27:48 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Feb 08 17:27:56 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WCAl2-0005kM-9h for ged-emacs-devel@m.gmane.org; Sat, 08 Feb 2014 17:27:56 +0100 Original-Received: from localhost ([::1]:47199 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WCAl1-0004j4-KN for ged-emacs-devel@m.gmane.org; Sat, 08 Feb 2014 11:27:55 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51508) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WCAku-0004iZ-18 for emacs-devel@gnu.org; Sat, 08 Feb 2014 11:27:53 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WCAkn-0002uO-IR for emacs-devel@gnu.org; Sat, 08 Feb 2014 11:27:47 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:58924) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WCAkn-0002uJ-BJ for emacs-devel@gnu.org; Sat, 08 Feb 2014 11:27:41 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1WCAkk-0005VS-IG for emacs-devel@gnu.org; Sat, 08 Feb 2014 17:27:38 +0100 Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 08 Feb 2014 17:27:38 +0100 Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 08 Feb 2014 17:27:38 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 54 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) Cancel-Lock: sha1:Jg301fDCCVLlZoWsf/bxJCwGP/E= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:169492 Archived-At: On Sat, 08 Feb 2014 15:24:54 +0900 Daiki Ueno wrote: DU> Ted Zlatanov writes: >> Meanwhile, would you consider continuing with your patch to the point >> where Lars can use it from Gnus? DU> I wouldn't take that risk, sorry. Emacs will soon get CVE numbers DU> assigned, unless the patch will be carefully reviewed by experts and DU> actively maintained. I already found a few flaws that may lead to a DU> security hole. OK, I understand your concerns. DU> Let's look at your patch: DU> http://lists.gnu.org/archive/html/emacs-devel/2013-10/msg00144.html DU> Ouch. Why do you expose IV to Elisp and don't use any salt? Are you DU> aware that you are negating security doing secret key operation in DU> Elisp? Why do you always allocate new memory for key on heap, DU> plaintext, cipher, and why don't you clear them. How do you check if DU> password is correct or wrong. DU> It's much worse than I expected. I'm afraid to say you can't write any DU> security related code that people can depend on, at this skill level. I acknowledged your patch was a better approach. Your criticism is valid, regardless. My goal was to make the acceptance tests, which are 90% of the code, and to show a proof of concept for the API. The code was not intended to go into the core in that shape. As I said: "I would appreciate any comments at this early stage." and more recently "I'm sure it could use similar thoroughness [to your patch]." It was rejected for reasons other than code quality so I saw no point in improving it further. When I continue, it will be modeled after your patch and probably structured as an EPG plugin. I'll also note that the integration of the hash functions is a large part of my patch and probably does not need as much review or fixing. Those functions seem (from a casual reading) to be better optimized and to offer more choice than the ones in the Emacs core. Going through FFI, however, *may* negate the speed benefits. So perhaps importing just the hashing functions directly would be practically useful. DU> I'd suggest to read GNUTLS or GnuPG code to learn how practical DU> encryption code works. Perhaps my patch might also give you some DU> inspiration. It did, and I think it's good code and a good direction. It's a shame you don't want to continue with it. Ted