[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: read-passwd: no longer as secure?

From: Ted Zlatanov
Subject: Re: read-passwd: no longer as secure?
Date: Tue, 24 Apr 2012 08:26:16 -0400
User-agent: Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.1.50 (gnu/linux)

On Mon, 23 Apr 2012 20:53:04 -0400 Stefan Monnier <address@hidden> wrote: 

>> though this hides on the display it is still available to most
>> lisp code.

SM> As it was in the previous implementation (in the `pass' variable).
SM> Hiding information is pretty contrary to the design of Emacs and Elisp.

I've mentioned before that it would be useful to have a way to hide
passwords and other secret data.

Currently the best way to do it in ELisp is with a lexical-let closure
that decrypts when you invoke it, AFAIK.  At least the data is not in
the open.  But it would be nice to have a way to securely reserve and
then wipe a string, or perhaps a pass-through method that decrypts
straight into the process rather than into a string.  I'd use it in
auth-source.el, for instance.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]