From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Roland Winkler" Newsgroups: gmane.emacs.bugs Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg Date: Sat, 28 Jan 2012 13:32:08 -0600 Message-ID: <20260.19768.553254.135471@gargle.gargle.HOWL> References: <87mxgcffq1.fsf@niu.edu> <87k44ffsdu.fsf@lifelogs.com> <87aa5aa38p.fsf@lifelogs.com> <20259.46649.66744.396059@gargle.gargle.HOWL> <877h0bveaq.fsf@gnus.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: dough.gmane.org 1327779206 6516 80.91.229.3 (28 Jan 2012 19:33:26 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sat, 28 Jan 2012 19:33:26 +0000 (UTC) Cc: 9113@debbugs.gnu.org, Ted Zlatanov To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jan 28 20:33:24 2012 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1RrE1Z-0001gg-Qy for geb-bug-gnu-emacs@m.gmane.org; Sat, 28 Jan 2012 20:33:21 +0100 Original-Received: from localhost ([::1]:49569 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RrE1Z-0004nv-2b for geb-bug-gnu-emacs@m.gmane.org; Sat, 28 Jan 2012 14:33:21 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:36914) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RrE1W-0004np-LS for bug-gnu-emacs@gnu.org; Sat, 28 Jan 2012 14:33:19 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RrE1V-0006UH-P8 for bug-gnu-emacs@gnu.org; Sat, 28 Jan 2012 14:33:18 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:43151) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RrE1V-0006UC-ML for bug-gnu-emacs@gnu.org; Sat, 28 Jan 2012 14:33:17 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1RrE2E-0003j5-6F for bug-gnu-emacs@gnu.org; Sat, 28 Jan 2012 14:34:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: "Roland Winkler" Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 28 Jan 2012 19:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 9113 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 9113-submit@debbugs.gnu.org id=B9113.132777918914258 (code B ref 9113); Sat, 28 Jan 2012 19:34:02 +0000 Original-Received: (at 9113) by debbugs.gnu.org; 28 Jan 2012 19:33:09 +0000 Original-Received: from localhost ([127.0.0.1]:48538 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1RrE1N-0003hu-Dq for submit@debbugs.gnu.org; Sat, 28 Jan 2012 14:33:09 -0500 Original-Received: from fencepost.gnu.org ([140.186.70.10]:49100 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1RrE1K-0003hn-P6 for 9113@debbugs.gnu.org; Sat, 28 Jan 2012 14:33:07 -0500 Original-Received: from 82.red-80-32-229.staticip.rima-tde.net ([80.32.229.82]:39265 helo=regnitz) by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1RrE0Y-0002fm-69; Sat, 28 Jan 2012 14:32:20 -0500 In-Reply-To: <877h0bveaq.fsf@gnus.org> X-Mailer: VM 8.2 trial under 24.0.92.1 (x86_64-unknown-linux-gnu) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:56142 Archived-At: On Sat Jan 28 2012 Lars Ingebrigtsen wrote: > "Roland Winkler" writes: > > > It is highly recommended to store the file .authinfo as an > > encrypted file as .authinfo.gpg, though in some cases such a > > solution can be inconvenient or otherwise problematic. > > I would say "it's highly discouraged", because putting your > passwords into the .authinfo.gpg file will render your Emacs > virtually unusable for reading mail/news/etc. (By default.) > > I mean, unless you think typing in a password three gazillion > times is OK. But then it appears to me that elsewhere there is a problem: Why is it necessary that Emacs reads this file three gazillion times? I would assume: reading the encrypted file once and holding the content in memory cannot be more unsecure than storing the sensitive information in an unencrypted file. With an unencrypted file, the passwords are definitely lost / exposed if my laptop is lost or stolen. With an encrypted file, a thief needs to access the memory of a running (or dumped) emacs process, which appears less likely to me. In any case, how are ssh-agent and gpg-agent handling passphrases that are given to them? What am I missing here? Roland