From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Christopher Schmidt <christopher@ch.ristopher.com>
Newsgroups: gmane.emacs.devel
Subject: Re: opaque data types
Date: Sat,  8 Jun 2013 10:19:34 +0100 (BST)
Message-ID: <877gi5gdsq@ch.ristopher.com>
References: <CAMqXDZsfpKXdeAA6xjB2RntBEfekf6WQzJTg74EKwPRi-sGNcA@mail.gmail.com>
	<51AE71DB.8060005@yandex.ru> <87zjv41uer.fsf@lifelogs.com>
	<jwvvc5spice.fsf-monnier+emacs@gnu.org>
	<da0e0636-9bf9-4e99-b2fa-d1f146de1701@default>
	<878v2oxwhr.fsf@lifelogs.com>
	<87r4gfa8nw.fsf@uwakimon.sk.tsukuba.ac.jp>
	<87fvwvwgg5.fsf@lifelogs.com>
	<87li6maa9r.fsf@uwakimon.sk.tsukuba.ac.jp>
	<87sj0uqdhm.fsf_-_@lifelogs.com> <87a9n2oxu6@ch.ristopher.com>
	<87bo7iqad2.fsf@lifelogs.com> <87txlancx8@ch.ristopher.com>
	<87y5alq58o.fsf@lifelogs.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1370683184 21343 80.91.229.3 (8 Jun 2013 09:19:44 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 8 Jun 2013 09:19:44 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jun 08 11:19:45 2013
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1UlFJI-00015I-RM
	for ged-emacs-devel@m.gmane.org; Sat, 08 Jun 2013 11:19:44 +0200
Original-Received: from localhost ([::1]:59016 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1UlFJI-0002SD-CK
	for ged-emacs-devel@m.gmane.org; Sat, 08 Jun 2013 05:19:44 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45139)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <christopher@ch.ristopher.com>) id 1UlFJD-0002Rw-1H
	for emacs-devel@gnu.org; Sat, 08 Jun 2013 05:19:41 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <christopher@ch.ristopher.com>) id 1UlFJA-0002ZX-AM
	for emacs-devel@gnu.org; Sat, 08 Jun 2013 05:19:38 -0400
Original-Received: from ristopher.com ([146.185.21.93]:52067
	helo=saturn.ch.ristopher.com) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <christopher@ch.ristopher.com>) id 1UlFJA-0002ZN-2F
	for emacs-devel@gnu.org; Sat, 08 Jun 2013 05:19:36 -0400
Original-Received: by saturn.ch.ristopher.com (Postfix, from userid 0)
	id 143C4201A3; Sat,  8 Jun 2013 10:19:34 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ch.ristopher.com;
	s=mail; t=1370683174;
	bh=0QbspJ3qy+pJg9dG19GzoiIE1mZ0TXUFEyzIv+04YFM=;
	h=From:To:Subject:In-Reply-To:Message-ID:References:MIME-Version:
	Content-Type:Date;
	b=zH9jab4VPLs7FrN6uKmSlMpaZtwF3cFUM7vFHHOP1Yv3+8rEPvoTrIcRCEiljP94d
	fmsEC5hxCcSsFFub09AmNP/hFRDhnndX6dm1dE9rrJcS8yqjIANyWLaMoUFfjYCGl4
	8TEiWgDXEaCPJRJsFKiZCRGKJt4plnGwfjh3b7eg=
In-Reply-To: <87y5alq58o.fsf@lifelogs.com> (Ted Zlatanov's message of "Fri,
	07 Jun 2013 12:01:59 -0400")
Mail-Followup-To: emacs-devel@gnu.org
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x
X-Received-From: 146.185.21.93
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:160267
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/160267>

Ted Zlatanov <tzz@lifelogs.com> writes:
> CS> Considering we are talking about a regular userspace application
> CS> with no distributed components I do not see any advantage at all
> CS> by encrypting passwords in memory.  How does interposing a
> CS> function to extract passwords from a new inbuild type increase
> CS> security at all?
>
> By making it less trivial to extract them.

That is security through obscurity.

> The opaque type makes it possible to change the implementation if
> better ways are available on a platform, e.g. the Mac OS X keychain or
> the Secrets API or the W32 keychain.  The fallback mechanism can at
> least make it a little harder to get someone's passwords.

Storing passwords using different backends does not require in-memory
encryption or a new opaque type.

How is this new type in combination with custom hard back ends superior
to what auth-info.el is doing already?

> CS> Who's your attacker anyway?
>
> Do we have to do risk assessments too?

I do not understand that question.

I was asking for an informal threat model because I did not understand
the problem you are trying to solve.  I still do not understand the
problem and I do not see how that new type makes provides any advantage
whatsoever.

        Christopher