[Alpine-info] Preserve passwords setting?
chappa at gmx.com
Wed Oct 19 17:48:17 PDT 2011
On Mon, 17 Oct 2011, Matt Ackeret wrote:
:) (IIRC, there's also an INSECURE "passfile" option people dissuade
:) people from using whenever it's mentioned.)
I agree and not.
The password file has a weak encryption. If anyone gets its hand into it,
it does not take much to decrypt it. Of course, someone has to get a hold
of it for that to happen. For example, Alpine sets protection 0600 for it
upon creation, and checks that it does not have a more permissive
protection than this, so Alpine protects you as best as possible from
yourself. Read the source code to see hot it is decrypted, etc.
Because of this, I encrypt my password file using a personal private
certificate, so if anyone gets a hold of it they will need to know how to
unlock my private certificate (the one used to sign S/MIME encrypted
messages). There is no need to fear using a password file anymore, unless
your hacker has the power of the cloud.
More information about the Alpine-info