[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Storing sensitive data indefinitely in variables or buffers: Whether
|
From: |
tomas |
|
Subject: |
Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix? |
|
Date: |
Thu, 1 Jun 2023 09:34:58 +0200 |
On Thu, Jun 01, 2023 at 10:11:57AM +0300, Eli Zaretskii wrote:
> > From: Ihor Radchenko <yantar92@posteo.net>
> > Cc: Adam Porter <adam@alphapapa.net>, emacs-devel@gnu.org,
> > jschmidt4gnu@vodafonemail.de
> > Date: Thu, 01 Jun 2023 06:48:51 +0000
> >
> > Eli Zaretskii <eliz@gnu.org> writes:
> >
> > >> I think Emacs needs a new library to store Lisp data securely.
> > >
> > > Can't we use the GnuTLS cryptography functions, like
> > > gnutls-symmetric-encrypt, for that?
> >
> > I think that it is not just about encryption.
> > The API should also have ways to expire passwords and deal with a need
> > to update them individually.
>
> What would be the effect of expiring a password on stuff stored using
> the password that just expired? would it mean I can no longer access
> that stuff? Or would it mean I must use a new password for storing
> new stuff? Or something else?
This might be a slight misunderstanding: if I understand Ihor correctly,
only the cached password is expired, so the user would have just to
reenter it. This is to mitigate the risk that someone else takes over
an abandoned session (a mild form of user presence check, if you will).
If I understand you correctly, you seem to envision the expiry of the
password itself, which is something different, to happen at the "server"
side.
Cheers
--
t
signature.asc
Description: PGP signature
- Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?, (continued)
Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?, Ihor Radchenko, 2023/06/01