Re: encrypt.el in No Gnus 0.7

[Reiner Steib]

On Mon, Nov 05 2007, Richard Stallman wrote:

>     RS> I just looked at encrypt.el.  It appears to support just GnuPG
>     RS> and "Built-in simple XOR".  And built-in simple XOR is just an
>     RS> example, not for real use.
>
>     The idea is to allow users to supply their own ciphers, and to
>     support other external utilities as users find it necessary.
>
> It is a sensible feature, but is it worth including in Emacs?  

Some thoughts...

I think it would be useful to have at least one builtin encryption
(without requiring external programs) in Emacs, if possible.

The cipher should be significantly better than obfuscation (ROT13) but
it doesn't need to be as GPG's ciphers.  I'm thinking of protection of
for not-too-valuable stuff like email and NNTP passwords
(e.g. passwords that are stored completely unprotected on disk by many
users up to now) against (accidentally?) exposing it to your
administrator, colleagues, family members, etc.

How strong or week are the builtin ciphers compared to e.g. the
algorithm used in Firefox/Thunderbird's password manager (I couldn't
find out which cipher the use)?  How long does it take on a "standard
PC" to break an ~/.authinfo file protected with a password of say 8
chars?

> Is there any sign that users use it?

As it was not part of any released Gnus version, so I can't be in
widespread use.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/