We certainly want to do something better than passfile for UNIX. The
passfile was a hack for the old 640K DOS-based PC Pine. It was never
intended for UNIX Pine.

Passfile is abolished in the latest Windows PC Alpine; we now use
Microsoft's Wincred. Similarly, Alpine uses the keyring on Mac OS X.

I can't understand how anyone could seriously advocate having passfile
enabled in any UNIX-type distribution. If we did such a thing, we'd be
flamed to a crisp for being "insecure by design". We see Microsoft
regularly roasted in Slashdot over far more minor security issues. IMHO,
we're lucky that we never got burned over the PC Pine passfile.

Anyway, it would help in these discussions to have more light, and less
heat. We don't need to be cajoled (or threatened) into doing something
better. The only issue is in determining what that "something better" is.

With that in mind:

On Sun, 18 Feb 2007, Kolbjørn Barmen wrote:
> Please.. PGP/gnupg - for signing, encryption and decryption of mail
> so why not also for encryption of the password file?

To help my understanding:

How would Alpine access the decryption key in this case?

If it's stored in a file in the user's directory, then we're back to
square one. The bad guy has to steal two files instead of one; but
basically this is just "security through obscurity".

How do you prevent some non-Alpine program from accessing this data? A
claimed benefit of keyring type systems is that the keyring system locks
out other applications from accessing that data (I don't know how true
this claim is though).

If the user enters the decryption key when he runs Alpine, doesn't that
defeat the purpose of the passfile? I can see the benefit when there are
multiple passwords for multiple servers; in this case, one password
unlocks a "password vault" that Alpine can then use for the rest of the
session. But that doesn't help the typical user who just has one password
that Alpine needs to use.

Are you thinking about something like a biometric key; e.g., the user
swipes his finger over a fingerprint scanner and that unlocks the password
vault?

If you're doing this on a site basis, wouldn't Kerberos end up being
easier?
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.