From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: NaCl support for Emacs Date: Tue, 10 Jan 2012 06:54:04 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87pqerg4df.fsf@lifelogs.com> References: <87lipl22xm.fsf@lifelogs.com> <87boqh20ha.fsf@lifelogs.com> <871urc46c9.fsf@uwakimon.sk.tsukuba.ac.jp> <739bsoysp.fsf@news.eternal-september.org> <87ty47r5yt.fsf@lifelogs.com> <87k452p5u3.fsf@lifelogs.com> <87liphne9e.fsf_-_@lifelogs.com> <87fwfon7gl.fsf@lifelogs.com> <87hb04icxl.fsf@lifelogs.com> <87pqesgwnj.fsf@lifelogs.com> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1326196481 2739 80.91.229.12 (10 Jan 2012 11:54:41 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 10 Jan 2012 11:54:41 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Jan 10 12:54:35 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1RkaHj-0007s0-2C for ged-emacs-devel@m.gmane.org; Tue, 10 Jan 2012 12:54:35 +0100 Original-Received: from localhost ([::1]:59513 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RkaHi-0003PN-Dq for ged-emacs-devel@m.gmane.org; Tue, 10 Jan 2012 06:54:34 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:46651) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RkaHa-0003Ma-S0 for emacs-devel@gnu.org; Tue, 10 Jan 2012 06:54:32 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RkaHZ-0002Ya-Uj for emacs-devel@gnu.org; Tue, 10 Jan 2012 06:54:26 -0500 Original-Received: from lo.gmane.org ([80.91.229.12]:59934) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RkaHZ-0002YH-M8 for emacs-devel@gnu.org; Tue, 10 Jan 2012 06:54:25 -0500 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1RkaHW-0007lP-Cu for emacs-devel@gnu.org; Tue, 10 Jan 2012 12:54:22 +0100 Original-Received: from c-76-28-40-19.hsd1.vt.comcast.net ([76.28.40.19]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Jan 2012 12:54:22 +0100 Original-Received: from tzz by c-76-28-40-19.hsd1.vt.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Jan 2012 12:54:22 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 37 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: c-76-28-40-19.hsd1.vt.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux) Cancel-Lock: sha1:jbSYHHJU/eoK0+sjrw79RPvwvT4= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 80.91.229.12 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:147562 Archived-At: On Mon, 09 Jan 2012 22:21:19 -0500 Stefan Monnier wrote: >> Argh. The auth-source cache is already implemented as a hack, is that >> hard enough evidence? Quoting the relevant bit from >> `auth-source-netrc-parse': >> #+begin_src lisp >> ;; cache all netrc files (used to be just .gpg files) >> ;; Store the contents of the file heavily encrypted in memory. >> ;; (note for the irony-impaired: they are just obfuscated) >> (aput 'auth-source-netrc-cache file >> (list :mtime (nth 5 (file-attributes file)) >> :secret (lexical-let ((v (mapcar '1+ (buffer-string)))) >> (lambda () (apply 'string (mapcar '1- v)))))) >> #+end_src SM> Not only I'm not worried about that, but I'm not sure libnettle (or any SM> other encryption library) would help you fix the underlying problem: SM> Emacs needs to be able to recover the password for later use anyway, so SM> anything we do can only ever be obfuscation, AFAIK. Maybe there's some SM> clever way to do better, but again, for lack of hard evidence SM> I'm unconvinced. With true encryption with libnettle, we can encrypt the secret in memory, on the wire, and on disk so a casual attacker doesn't have the chance to grab it. This should hook into the Lisp object printer, for instance, so it's effortless to print and read encrypted objects. I'm worried about treating obfuscation as "good enough" security. That has a history of backfiring. Would it convince you to show an attack that succeeds with obfuscation but fails with true encryption? I know Emacs is not designed with security in mind. We have to start somewhere; this will at least harden the outer shell. You may not be worried about it, but I am. Ted