From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Ihor Radchenko Newsgroups: gmane.emacs.devel Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix? Date: Thu, 01 Jun 2023 07:29:55 +0000 Message-ID: <87v8g7bpxo.fsf@localhost> References: <87fs7dnd1u.fsf@localhost> <6503151d-13be-f299-24a2-76bb9d6fecc8@alphapapa.net> <83h6rse2zb.fsf@gnu.org> <871qivd6ek.fsf@localhost> <83353bejwi.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="8138"; mail-complaints-to="usenet@ciao.gmane.io" Cc: adam@alphapapa.net, emacs-devel@gnu.org, jschmidt4gnu@vodafonemail.de To: Eli Zaretskii Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Jun 01 09:25:58 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q4ch3-0001tF-KD for ged-emacs-devel@m.gmane-mx.org; Thu, 01 Jun 2023 09:25:57 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q4cgf-0000Rs-WF; Thu, 01 Jun 2023 03:25:34 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4cgd-0000Rf-Mk for emacs-devel@gnu.org; Thu, 01 Jun 2023 03:25:31 -0400 Original-Received: from mout02.posteo.de ([185.67.36.66]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4cgb-0005xO-1I for emacs-devel@gnu.org; Thu, 01 Jun 2023 03:25:31 -0400 Original-Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id 9F087240103 for ; Thu, 1 Jun 2023 09:25:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1685604326; bh=3jSMJ8lPd/Rcz67KlfXSJXIeZk9YOYPaGx4WZXaSVrY=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:From; b=NEQeiVEhRbNiYhuGBrNJkd4bDctzj1dMXKc3PH7Rl7LrzB4Inhk7sIuidsGBi6GCc aQE10U027c6rms4s2DTNYDGx1lIJxE/E3yt+MXjpkNBzyA08UMR534RLt/8nHYpJGV EuIpPO4Pr8I0YpGFcXiOhYfsxJ4E74NBcwZvUOkrYiX9rWwOy+u7JylACCLqw2nk40 OHU8KsLiCyWLHWqoBkKIuZHow2pKMqaa4hWiTmUBWuKSQaiO2n9Vg62dhN1cMjwz9i 7rVCFkyHNk0N47WbjAEYFsQv2S4Gj6hvO4ZsFCgXLJtPxcwXG2Uwh/AxAOANbdS9RL Ehy53WJEGZDqw== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4QWyMn738nz9rxS; Thu, 1 Jun 2023 09:25:25 +0200 (CEST) In-Reply-To: <83353bejwi.fsf@gnu.org> Received-SPF: pass client-ip=185.67.36.66; envelope-from=yantar92@posteo.net; helo=mout02.posteo.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:306491 Archived-At: Eli Zaretskii writes: >> I think that it is not just about encryption. >> The API should also have ways to expire passwords and deal with a need >> to update them individually. > > What would be the effect of expiring a password on stuff stored using > the password that just expired? would it mean I can no longer access > that stuff? Or would it mean I must use a new password for storing > new stuff? Or something else? >From API point of view, there should be a simple way to (1) retrieve encrypted data, if unexpired; (2) retrieve expired encrypted data; (3) get information if the data is expired or not. > In any case, implementing some machinery for managing and expiring > passwords is relatively easy. Of course, it is easy to implement. Just wanted to raise the need to have expiration. > ... Cryptography, by contrast, is hard, so > we should use industry-strength implementations by experts for that, > and I think GnuTLS is a good candidate for that part, especially since > Emacs without GnuTLS is severely limited anyway (so we could assume > "almost everyone" have it). I agree. Is Emacs built with GnuTLS support by default? Another question about encryption is which secret should be used? Should it be configurable by users? Should it be the same for the whole secure storage? More granular? May encryption be disabled by users? -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at . Support Org development at , or support my work at