From: Ihor Radchenko <yantar92@posteo.net>
To: Eli Zaretskii <eliz@gnu.org>
Cc: adam@alphapapa.net, emacs-devel@gnu.org, jschmidt4gnu@vodafonemail.de
Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?
Date: Thu, 01 Jun 2023 07:29:55 +0000 [thread overview]
Message-ID: <87v8g7bpxo.fsf@localhost> (raw)
In-Reply-To: <83353bejwi.fsf@gnu.org>
Eli Zaretskii <eliz@gnu.org> writes:
>> I think that it is not just about encryption.
>> The API should also have ways to expire passwords and deal with a need
>> to update them individually.
>
> What would be the effect of expiring a password on stuff stored using
> the password that just expired? would it mean I can no longer access
> that stuff? Or would it mean I must use a new password for storing
> new stuff? Or something else?
From API point of view, there should be a simple way to (1) retrieve
encrypted data, if unexpired; (2) retrieve expired encrypted data; (3)
get information if the data is expired or not.
> In any case, implementing some machinery for managing and expiring
> passwords is relatively easy.
Of course, it is easy to implement. Just wanted to raise the need to
have expiration.
> ... Cryptography, by contrast, is hard, so
> we should use industry-strength implementations by experts for that,
> and I think GnuTLS is a good candidate for that part, especially since
> Emacs without GnuTLS is severely limited anyway (so we could assume
> "almost everyone" have it).
I agree.
Is Emacs built with GnuTLS support by default?
Another question about encryption is which secret should be used?
Should it be configurable by users? Should it be the same for the whole
secure storage? More granular? May encryption be disabled by users?
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
next prev parent reply other threads:[~2023-06-01 7:29 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-30 21:25 Storing sensitive data indefinitely in variables or buffers: Whether and how to fix? Jens Schmidt
2023-05-31 8:02 ` Ihor Radchenko
2023-05-31 16:39 ` Adam Porter
2023-05-31 18:17 ` tomas
2023-06-01 6:34 ` Ihor Radchenko
2023-06-01 6:51 ` tomas
2023-06-01 7:11 ` Ihor Radchenko
2023-05-31 19:05 ` Eli Zaretskii
2023-06-01 6:48 ` Ihor Radchenko
2023-06-01 7:11 ` Eli Zaretskii
2023-06-01 7:29 ` Ihor Radchenko [this message]
2023-06-01 7:33 ` Eli Zaretskii
2023-06-01 7:34 ` tomas
2023-05-31 19:37 ` Jens Schmidt
2023-06-01 6:42 ` Ihor Radchenko
2023-06-01 20:10 ` Jens Schmidt
2023-06-01 20:47 ` Adam Porter
2023-06-02 6:30 ` Eli Zaretskii
2023-06-04 23:47 ` Adam Porter
2023-06-05 2:31 ` Eli Zaretskii
2023-05-31 12:56 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v8g7bpxo.fsf@localhost \
--to=yantar92@posteo.net \
--cc=adam@alphapapa.net \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=jschmidt4gnu@vodafonemail.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).