[Alpine-info] Preserve passwords setting?
Eduardo Chappa
chappa at gmx.com
Wed Oct 19 17:48:17 PDT 2011
On Mon, 17 Oct 2011, Matt Ackeret wrote:
:) (IIRC, there's also an INSECURE "passfile" option people dissuade
:) people from using whenever it's mentioned.)
I agree and not.
The password file has weak encryption. If anyone gets their hands on it,
it does not take much to decrypt it. Of course, someone has to get a hold
of it for that to happen. For example, Alpine sets protection 0600 for it
upon creation, and checks that it does not have a more permissive
protection than this, so Alpine protects you as best as possible from
yourself. Read the source code to see how it is decrypted, etc.
Because of this, I encrypt my password file using a personal private
certificate, so if anyone gets a hold of it they will need to know how to
unlock my private certificate (the one used to sign S/MIME encrypted
messages). There is no need to fear using a password file anymore, unless
your hacker has the power of the cloud.
--
Eduardo
http://patches.freeiz.com/alpine/