Archive of RubyForge sup-talk mailing list
From: jim@gonzul.net (Jim Cheetham)
Subject: [sup-talk] Encrypted password in configuration file
Date: Fri, 28 Aug 2009 21:28:28 +1200
Message-ID: <f4cc59760908280228i47bbd52dy87a5695e3a2361c0@mail.gmail.com>
In-Reply-To: <20090828082349.61bfc91b@ronin.larsko.net>

On Fri, Aug 28, 2009 at 7:23 PM, Lars Kotthoff<lars at larsko.org> wrote:
>> It's possible, but slightly pointless.
>
> Not if the user supplies the passphrase, e.g. it could be encrypted with the
> user's GPG key and ask for the passphrase at startup.

Why not just ask for the IMAP password itself? There's no functional
difference between that secret, and the secret that unlocks the secret
... indeed, if sup were to accidentally expose the passphrase you
provided, would you rather lose your GPG key or your IMAP key?

If you are really determined to allow others to read your private
files, why not just encrypt the whole .sup directory with a separate
tool (TrueCrypt, loopback, rot13, encfs, ecryptfs, or whatever else
your distribution provides).

That way, you are also protecting the ferret index collection, and the
default sent box, which all contain data of the same level of
sensitivity as your mailbox. Given your concern, I assume that you
will be remembering to terminate sup and dismount the .sup directory
every time you walk away from the keyboard.

(Many schemes these days encrypt the whole of $HOME, which makes the
whole screensaver/away from the keyboard thing even more difficult).

Security must be appropriate to be actual security. Otherwise it's
just an expensive façade.

-jim

