[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [sup-talk] how to replace (al)pine's passfile functionality

To: Erik Quaeghebeur <sup@equaeghe.nospammail.net>, sup-talk@rubyforge.org
Subject: Re: [sup-talk] how to replace (al)pine's passfile functionality
From: Nicolas Pouillard <nicolas.pouillard@gmail.com>
Date: Mon, 26 Apr 2010 00:23:38 -0700 (PDT)
Authentication-results: mx.google.com; spf=pass (google.com: domain of sup-talk-bounces@rubyforge.org designates 205.234.109.19 as permitted sender) smtp.mail=sup-talk-bounces@rubyforge.org; dkim=neutral (body hash did not verify) header.i=@gmail.com
Delivered-to: eg@gaute.vetsj.com
Delivered-to: sup-talk@rubyforge.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:subject :to:in-reply-to:references; bh=67MYhvfADqyfYfsDO70GUcNDGL6x5cSYy5cASBYejqU=; b=anT6WzXeoW4OSIm19rDihhhFhW5GMP0qwo8x4aMdxMVrcUHGpRNVFaSWFdQHweNZPM LFkBnOdGlQAv3+FK1zP/JQ4f2dfrNr+Z+rtJ32yPEPglWjczURog79exqNBl+q9A1mDD P72ci0pYsxGLMFH08FOFtL43Za67iKxt+lT3Q=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:subject:to:in-reply-to:references; b=kwKMba3+Ozj9Ql2Wq/cesUi68tKkJ5v9C6ueuRtN9pDAjqLnpIvvqgpSGcPhasaF/p LlpSWuHLKA8nH4Nxnl4PNU2ZXTczLbwoL5u0PLjnON+X1hikpjbzwlyEaX3L32eF5NlY 3VJlyBjbpJ0Tpja+Dsa3QDTDNwRZmvSXhFO78=
In-reply-to: <alpine.DEB.2.00.1004260052050.913@flfbcjrt>
List-archive: <http://rubyforge.org/pipermail/sup-talk>
List-help: <mailto:sup-talk-request@rubyforge.org?subject=help>
List-id: User & developer discussion of Sup <sup-talk.rubyforge.org>
List-post: <mailto:sup-talk@rubyforge.org>
List-subscribe: <http://rubyforge.org/mailman/listinfo/sup-talk>, <mailto:sup-talk-request@rubyforge.org?subject=subscribe>
List-unsubscribe: <http://rubyforge.org/mailman/options/sup-talk>, <mailto:sup-talk-request@rubyforge.org?subject=unsubscribe>
References: <alpine.DEB.2.00.1004260052050.913@flfbcjrt>
Sender: sup-talk-bounces@rubyforge.org

On Mon, 26 Apr 2010 00:57:39 -0400 (EDT), Erik Quaeghebeur <sup@equaeghe.nospammail.net> wrote:
> Hi,
Hi,

> (Al)pine has a passfile functionality: a (weakly) encrypted file contains 
> the passwords necessary for imap, nntp, and smpt connections. For sup 
> (0.11 on ruby 1.8), I use offlineimap and msmpt, both of which need 
> passwords either stored in plaintext in their config files or in the netrc 
> file. Is there any way to use some kind of encrypted netrc (something in 
> the vein of kde's wallet), which is decrypted/made accessible on login or 
> with a one-time password dialog?

What I do is to store these sensitive configuration files on some encrypted
filesystem. Encfs and dmcrypt-luks (linux only) are fine choices to do so.

The result is that if someone get root access or your access to the machine
then yes he has the password but its much worse than that since he can setup
a keylogger patch your binaries...

However the good news is that if he needs to reboot the machine then all of
these filesystem will get unreadable.

Regards,

-- 
Nicolas Pouillard
http://nicolaspouillard.fr
_______________________________________________
sup-talk mailing list
sup-talk@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-talk

References:
- [sup-talk] how to replace (al)pine's passfile functionality
  - From: Erik Quaeghebeur <sup@equaeghe.nospammail.net>

Prev by Date: Re: [sup-talk] how to replace (al)pine's passfile functionality
Next by Date: Re: [sup-talk] charset warning when starting sup
Previous by thread: Re: [sup-talk] how to replace (al)pine's passfile functionality
Next by thread: [sup-talk] sup web interface
Index(es):
- Date
- Thread