On Monday, 17 June 2013 14:41:16 CEST, Thomas Lübking wrote:
Wouldn't that render Trojitá "unusable" for "non-DE" users
(openbox or so), eventually even the "minor" ones (xfce, lxde)?
That depends on what "unusable" means. It will cause a regression in that the
passwords will no longer be remembered, and that user will have to enter their password
at Trojita's startup.
For me, this is not a problem and getting rid of the code for saving them on
disk in cleartext is a good move. Do you see it as a critical feature?
-> What about warning about the need to store PWs plaintext and
required to protect it on the system level? (symlink to
encrypted disk/image or USB stick)
I'm not a big fan of this; disk encryption helps defend against offline attacks, but does
nothing against a random application reading a configuration file from a well-known
location on the FS. Yes, I'm aware of the possibility to ptrace() or just reading the
memory image, but an on-disk file with cleartext password, even if the disk itself is
encrypted, just screams "wrong design" to me.
Otherwise and reg. support for multiple accounts there should
at least be a master PW to read encrypted account passwords from
HDD, yesno?
I'd prefer to spend my time writing a mail client, not debugging, maintaining
or reviewing patches for crypto code dealing with password storage. If someone
feels that doing this within Trojita is a great thing to do, more power to
them, though. It's just that the perspective of being able to offload this to a
systemwide, third-party code/library/daemon looks very, very appealing to me. I
do admit that the list of supported backends of the QtKeychain is rather
limited :(.
So, a tl;dr summary of my point of view:
- I do not use password storage myself, and so I don't care that much about it
- the less I have to deal with this, the better,
- still, I don't want to cause needless regression for the users.
We will have to ballance the convenience of users who "need PW storage" but "can't
be bothered to run bloat like KWallet" with the comfort of us supporting less code and
security of not having passwords on disk in cleartext.
PWs shall still be "remembered" in memory while the session is active)
Whatever the approach to this would be (assuming "session"
means "until logged out" and not "while process alive") do NOT
abuse the X11 server to "temporarily" store it. Everybody and
everything could read it from there anytime.
Actually I meant "Trojita session" as in "the process is running".
Cheers,
Jan
--
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/
