From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Ihor Radchenko <yantar92@posteo.net>
Newsgroups: gmane.emacs.devel
Subject: Re: Storing sensitive data indefinitely in variables or buffers:
 Whether and how to fix?
Date: Thu, 01 Jun 2023 07:29:55 +0000
Message-ID: <87v8g7bpxo.fsf@localhost>
References: <87fs7dnd1u.fsf@localhost>
 <6503151d-13be-f299-24a2-76bb9d6fecc8@alphapapa.net>
 <83h6rse2zb.fsf@gnu.org> <871qivd6ek.fsf@localhost>
 <83353bejwi.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="8138"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: adam@alphapapa.net, emacs-devel@gnu.org, jschmidt4gnu@vodafonemail.de
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Jun 01 09:25:58 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1q4ch3-0001tF-KD
	for ged-emacs-devel@m.gmane-mx.org; Thu, 01 Jun 2023 09:25:57 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1q4cgf-0000Rs-WF; Thu, 01 Jun 2023 03:25:34 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <yantar92@posteo.net>)
 id 1q4cgd-0000Rf-Mk
 for emacs-devel@gnu.org; Thu, 01 Jun 2023 03:25:31 -0400
Original-Received: from mout02.posteo.de ([185.67.36.66])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <yantar92@posteo.net>)
 id 1q4cgb-0005xO-1I
 for emacs-devel@gnu.org; Thu, 01 Jun 2023 03:25:31 -0400
Original-Received: from submission (posteo.de [185.67.36.169]) 
 by mout02.posteo.de (Postfix) with ESMTPS id 9F087240103
 for <emacs-devel@gnu.org>; Thu,  1 Jun 2023 09:25:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
 t=1685604326; bh=3jSMJ8lPd/Rcz67KlfXSJXIeZk9YOYPaGx4WZXaSVrY=;
 h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:From;
 b=NEQeiVEhRbNiYhuGBrNJkd4bDctzj1dMXKc3PH7Rl7LrzB4Inhk7sIuidsGBi6GCc
 aQE10U027c6rms4s2DTNYDGx1lIJxE/E3yt+MXjpkNBzyA08UMR534RLt/8nHYpJGV
 EuIpPO4Pr8I0YpGFcXiOhYfsxJ4E74NBcwZvUOkrYiX9rWwOy+u7JylACCLqw2nk40
 OHU8KsLiCyWLHWqoBkKIuZHow2pKMqaa4hWiTmUBWuKSQaiO2n9Vg62dhN1cMjwz9i
 7rVCFkyHNk0N47WbjAEYFsQv2S4Gj6hvO4ZsFCgXLJtPxcwXG2Uwh/AxAOANbdS9RL
 Ehy53WJEGZDqw==
Original-Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4QWyMn738nz9rxS;
 Thu,  1 Jun 2023 09:25:25 +0200 (CEST)
In-Reply-To: <83353bejwi.fsf@gnu.org>
Received-SPF: pass client-ip=185.67.36.66; envelope-from=yantar92@posteo.net;
 helo=mout02.posteo.de
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:306491
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/306491>

Eli Zaretskii <eliz@gnu.org> writes:

>> I think that it is not just about encryption.
>> The API should also have ways to expire passwords and deal with a need
>> to update them individually.
>
> What would be the effect of expiring a password on stuff stored using
> the password that just expired? would it mean I can no longer access
> that stuff?  Or would it mean I must use a new password for storing
> new stuff?  Or something else?

>From API point of view, there should be a simple way to (1) retrieve
encrypted data, if unexpired; (2) retrieve expired encrypted data; (3)
get information if the data is expired or not.

> In any case, implementing some machinery for managing and expiring
> passwords is relatively easy.

Of course, it is easy to implement. Just wanted to raise the need to
have expiration.

> ...  Cryptography, by contrast, is hard, so
> we should use industry-strength implementations by experts for that,
> and I think GnuTLS is a good candidate for that part, especially since
> Emacs without GnuTLS is severely limited anyway (so we could assume
> "almost everyone" have it).

I agree.
Is Emacs built with GnuTLS support by default?

Another question about encryption is which secret should be used?
Should it be configurable by users? Should it be the same for the whole
secure storage? More granular? May encryption be disabled by users?

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>