emacs-devel

Re: opaque data types


From: Christopher Schmidt
Subject: Re: opaque data types
Date: Sat, 8 Jun 2013 10:19:34 +0100 (BST)

Ted Zlatanov <address@hidden> writes:
> CS> Considering we are talking about a regular userspace application
> CS> with no distributed components I do not see any advantage at all
> CS> by encrypting passwords in memory.  How does interposing a
> CS> function to extract passwords from a new inbuilt type increase
> CS> security at all?
>
> By making it less trivial to extract them.

That is security through obscurity.

> The opaque type makes it possible to change the implementation if
> better ways are available on a platform, e.g. the Mac OS X keychain or
> the Secrets API or the W32 keychain.  The fallback mechanism can at
> least make it a little harder to get someone's passwords.

Storing passwords using different backends does not require in-memory
encryption or a new opaque type.

How is this new type in combination with custom hard back ends superior
to what auth-info.el is doing already?

> CS> Who's your attacker anyway?
>
> Do we have to do risk assessments too?

I do not understand that question.

I was asking for an informal threat model because I did not understand
the problem you are trying to solve.  I still do not understand the
problem and I do not see how that new type provides any advantage
whatsoever.

        Christopher


