[Emacs-diffs] master c3958e4: Add some comments to the auth-source obfus
From: Lars Ingebrigtsen
Subject: [Emacs-diffs] master c3958e4: Add some comments to the auth-source obfuscation
Date: Fri, 20 Sep 2019 16:25:15 -0400 (EDT)
branch: master
commit c3958e48f6a257fa7e681b2b39ea83d677bcb2f3
Author: Lars Ingebrigtsen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>
Add some comments to the auth-source obfuscation
* lisp/auth-source.el (auth-source--obfuscate): Add comments.
---
lisp/auth-source.el | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index e608afc..365ed2f 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1164,9 +1164,15 @@ FILE is the file from which we obtained this token."
(defvar auth-source--session-nonce nil)
(defun auth-source--obfuscate (string)
+ ;; We want to keep passwords out of backtraces and bug reports and
+ ;; the like, so if we have GnuTLS available, we encrypt them with a
+ ;; nonce that we just keep in memory. If somebody has access to the
+ ;; current Emacs session, they can be decrypted, but if not, little
+ ;; useful information is leaked. If you reset the nonce, you also
+ ;; have to call `auth-source-forget-all-cached'.
(unless auth-source--session-nonce
(setq auth-source--session-nonce
- (apply #'string (cl-loop repeat 10
+ (apply #'string (cl-loop repeat 32
collect (random 128)))))
(if (and (fboundp 'gnutls-symmetric-encrypt)
(gnutls-available-p))
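Review bot: The change from `repeat 10` to `repeat 32` in the nonce generation is a behavioural change, but the commit message and the ChangeLog entry only say "Add comments"; please mention the longer nonce there so the change can be found later. On the same lines, each character still comes from `(random 128)`, so the value carries at most 7 bits per character and is drawn from the general-purpose `random` function; since the new comment describes this value as what the passwords are encrypted with, it would help to state in the comment that this is obfuscation against accidental disclosure (backtraces, bug reports) and not protection against someone who can inspect the session. The requirement that resetting the nonce must be followed by a call to `auth-source-forget-all-cached` would also be easier to find in a docstring on `auth-source--session-nonce` than in a comment inside this function.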