Re: read-passwd: no longer as secure?

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: read-passwd: no longer as secure?

From:	Ted Zlatanov
Subject:	Re: read-passwd: no longer as secure?
Date:	Tue, 24 Apr 2012 08:26:16 -0400
User-agent:	Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.1.50 (gnu/linux)

On Mon, 23 Apr 2012 20:53:04 -0400 Stefan Monnier <address@hidden> wrote: 

>> though this hides on the display it is still available to most
>> lisp code.

SM> As it was in the previous implementation (in the `pass' variable).
SM> Hiding information is pretty contrary to the design of Emacs and Elisp.

I've mentioned before that it would be useful to have a way to hide
passwords and other secret data.

Currently the best way to do it in ELisp is with a lexical-let closure
that decrypts when you invoke it, AFAIK.  At least the data is not in
the open.  But it would be nice to have a way to securely reserve and
then wipe a string, or perhaps a pass-through method that decrypts
straight into the process rather than into a string.  I'd use it in
auth-source.el, for instance.

Ted

[Prev in Thread]

Current Thread

[Next in Thread]

read-passwd: no longer as secure?, T.V. Raman, 2012/04/22
- Re: read-passwd: no longer as secure?, Stefan Monnier, 2012/04/23
  - read-passwd: no longer as secure?, T.V. Raman, 2012/04/23
  - Re: read-passwd: no longer as secure?, Ted Zlatanov <=

Prev by Date: Re: Guile based Elisp faster?
Next by Date: Re: Clearing the minibuffer/echo-area for global indicators
Previous by thread: read-passwd: no longer as secure?
Next by thread: emacs-20120423-r108006 Windows Binaries
Index(es):
- Date
- Thread