* read-passwd: no longer as secure?
From: T.V. Raman @ 2012-04-22 15:53 UTC (permalink / raw)
To: emacs-devel
Spotted this because after a recent git update, I started hearing
passwords as I typed in Emacspeak.
The move to reimplementing read-passwd using read-string appears
to no longer set echo-keystrokes -- but is relying on setting
the display property of the char that is displayed to ?. ---
though this hides on the display it is still available to most
lisp code.
I can update emacspeak so it doesn't speak the chars --- but I
still feel somewhat uneasy about the read-passwd implementation
---
* Re: read-passwd: no longer as secure?
From: Stefan Monnier @ 2012-04-24 0:53 UTC (permalink / raw)
To: T.V. Raman; +Cc: emacs-devel
> though this hides on the display it is still available to most
> lisp code.
As it was in the previous implementation (in the `pass' variable).
Hiding information is pretty contrary to the design of Emacs and Elisp.
> I can update emacspeak so it doesn't speak the chars --- but I
> still feel somewhat uneasy about the read-passwd implementation
The new implementation is a lot more flexible, so going back is not on
the agenda. But if it can be changed to cooperate better with tools
like Emacspeak, I'd be happy to do so.
Stefan
* read-passwd: no longer as secure?
From: T.V. Raman @ 2012-04-24 3:00 UTC (permalink / raw)
To: Stefan Monnier, emacs-devel
I've fixed emacspeak so it doesn't echo the passwd as the user
types -- though it is still possible to hear the password if
the user wishes -- so I guess it aligns with the rest of
Emacs;-) I agree with you that hiding information in the
elisp world -- and I wasn't necessarily asking to go back
to the old version; however, when I saw the change, I just felt uneasy.
--
Best Regards,
--raman
On 4/23/12, Stefan Monnier <monnier@iro.umontreal.ca> wrote:
>> though this hides on the display it is still available to most
>> lisp code.
>
> As it was in the previous implementation (in the `pass' variable).
> Hiding information is pretty contrary to the design of Emacs and Elisp.
>
>> I can update emacspeak so it doesn't speak the chars --- but I
>> still feel somewhat uneasy about the read-passwd implementation
>
> The new implementation is a lot more flexible, so going back is not on
> the agenda. But if it can be changed to cooperate better with tools
> like Emacspeak, I'd be happy to do so.
>
>
> Stefan
>
* Re: read-passwd: no longer as secure?
From: Ted Zlatanov @ 2012-04-24 12:26 UTC (permalink / raw)
To: emacs-devel
On Mon, 23 Apr 2012 20:53:04 -0400 Stefan Monnier <monnier@iro.umontreal.ca> wrote:
>> though this hides on the display it is still available to most
>> lisp code.
SM> As it was in the previous implementation (in the `pass' variable).
SM> Hiding information is pretty contrary to the design of Emacs and Elisp.
I've mentioned before that it would be useful to have a way to hide
passwords and other secret data.
Currently the best way to do it in ELisp is with a lexical-let closure
that decrypts when you invoke it, AFAIK. At least the data is not in
the open. But it would be nice to have a way to securely reserve and
then wipe a string, or perhaps a pass-through method that decrypts
straight into the process rather than into a string. I'd use it in
auth-source.el, for instance.
Ted
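The closure approach described in the message above, sketched as an added example that is not part of the thread and not code from Emacs or auth-source.el. It assumes `lexical-binding` with a plain `let` in place of `lexical-let`, uses an XOR mask as a stand-in for real decryption, and all `my/` names are hypothetical; any Lisp code that holds the closure can still call it.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; not code from Emacs, auth-source.el, or this thread.
;; `my/xor-bytes', `my/wrap-secret' and `my/secret-demo' are hypothetical.

(defun my/xor-bytes (a b)
  "Return a new unibyte string: A XOR B, byte by byte (equal lengths)."
  (let ((out (make-string (length a) 0)))
    (dotimes (i (length a))
      (aset out i (logxor (aref a i) (aref b i))))
    out))

(defun my/wrap-secret (secret)
  "Return a closure that rebuilds SECRET only when it is called.
The closure holds SECRET XOR-masked with a random pad.  This is a
stand-in for real decryption: the pad sits in the same closure, so
the mask only keeps the plaintext string from sitting around
between uses."
  (let* ((bytes (encode-coding-string secret 'utf-8)) ; fresh copy
         (pad (make-string (length bytes) 0)))
    (dotimes (i (length pad))
      (aset pad i (random 256)))
    (let ((masked (my/xor-bytes bytes pad)))
      (clear-string bytes)              ; zero the intermediate copy
      (lambda ()
        (decode-coding-string (my/xor-bytes masked pad) 'utf-8)))))

(defun my/secret-demo ()
  "Wrap a constructed sample password, use it once, wipe that copy.
Return t if the closure reproduced the original text."
  (let* ((getter (my/wrap-secret "hunter2-constructed"))
         (plain (funcall getter))       ; plaintext exists from here...
         (ok (string= plain "hunter2-constructed")))
    (clear-string plain)                ; ...to here, for this copy only
    ok))
```

`clear-string` zeroes only the string object it is given; the string originally passed to `my/wrap-secret` and any copies made elsewhere are untouched, which is the gap the message's wish for a reserve-and-wipe facility is about.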