emacs-devel

Re: Storing sensitive data indefinitely in variables or buffers: Whether


From: Ihor Radchenko
Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?
Date: Thu, 01 Jun 2023 07:29:55 +0000

Eli Zaretskii <eliz@gnu.org> writes:

>> I think that it is not just about encryption.
>> The API should also have ways to expire passwords and deal with a need
>> to update them individually.
>
> What would be the effect of expiring a password on stuff stored using
> the password that just expired? Would it mean I can no longer access
> that stuff?  Or would it mean I must use a new password for storing
> new stuff?  Or something else?

From an API point of view, there should be a simple way to (1) retrieve
encrypted data, if unexpired; (2) retrieve expired encrypted data; (3)
get information if the data is expired or not.

> In any case, implementing some machinery for managing and expiring
> passwords is relatively easy.

Of course, it is easy to implement. Just wanted to raise the need to
have expiration.

> ...  Cryptography, by contrast, is hard, so
> we should use industry-strength implementations by experts for that,
> and I think GnuTLS is a good candidate for that part, especially since
> Emacs without GnuTLS is severely limited anyway (so we could assume
> "almost everyone" has it).

I agree.
Is Emacs built with GnuTLS support by default?

Another question about encryption is which secret should be used?
Should it be configurable by users? Should it be the same for the whole
secure storage? More granular? May encryption be disabled by users?

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
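
An added example, not part of the original message and not code from Emacs: an Emacs Lisp sketch of the three operations listed in the reply above (retrieve if unexpired, retrieve even if expired, query the expiry state). All `demo-secret-*` names are hypothetical, and payloads are assumed to be opaque strings that were encrypted elsewhere.

```elisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)

;; Hypothetical names throughout (demo-secret-*); this is not an Emacs API.
(cl-defstruct demo-secret
  payload     ; opaque string, assumed to be encrypted by the caller
  expires-at) ; Lisp time value, or nil for "never expires"

(defvar demo-secret--store (make-hash-table :test #'equal)
  "Map from entry name to a `demo-secret' struct.")

(defun demo-secret-put (name payload &optional ttl-seconds)
  "Store PAYLOAD under NAME, expiring after TTL-SECONDS (nil means never).
Each entry has its own expiry, so entries can be renewed individually."
  (puthash name
           (make-demo-secret
            :payload payload
            :expires-at (and ttl-seconds
                             (time-add (current-time) ttl-seconds)))
           demo-secret--store))

(defun demo-secret-status (name &optional now)
  "Return `missing', `expired' or `valid' for NAME at time NOW."
  (let ((entry (gethash name demo-secret--store)))
    (cond ((null entry) 'missing)
          ((and (demo-secret-expires-at entry)
                (not (time-less-p (or now (current-time))
                                  (demo-secret-expires-at entry))))
           'expired)
          (t 'valid))))

(defun demo-secret-get (name &optional allow-expired)
  "Return the payload for NAME if it is still valid, else nil.
With ALLOW-EXPIRED non-nil, also return an expired payload, so a caller
can still read old data while asking the user for a replacement."
  (pcase (demo-secret-status name)
    ('valid (demo-secret-payload (gethash name demo-secret--store)))
    ('expired (and allow-expired
                   (demo-secret-payload (gethash name demo-secret--store))))))

;; Constructed sample data: one live entry, one that is already expired.
(demo-secret-put "imap" "ciphertext-A" 3600)
(demo-secret-put "smtp" "ciphertext-B" -1)
(message "%S" (list (demo-secret-status "imap")
                    (demo-secret-status "smtp")
                    (demo-secret-get "smtp")
                    (demo-secret-get "smtp" t)
                    (demo-secret-status "nntp")))
```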


