On Monday, 17 June 2013 18:20:37 CEST, Jan Kundrát wrote:
> On Monday, 17 June 2013 14:41:16 CEST, Thomas Lübking wrote:
>> Wouldn't that render Trojitá "unusable" for "non-DE" users
>> (openbox or so), eventually even the "minor" ones (xfce, lxde)?
>
> That depends on what "unusable" means.

Typing passwords for every account and time one starts trojitá ;-)

> Do you see it as a critical feature?

Using KDE: "not personally".
I however doubt I would use a MUA if I had to enter passwords for all logins
every time I start it.
That does not mean I'd endorse unencrypted PW storage.

> I'm not a big fan of this; disk encryption helps defend against
> offline attacks, but does nothing against a random application
> reading a configuration file from a well-known location on the
> FS.

Errhemmm... since you apparently don't know: kwallet does not provide *any*
further protection. [1]

> I'd prefer to spend my time writing a mail client, not
> debugging, maintaining or reviewing patches for crypto code
> dealing with password storage. If someone feels that doing this
> within Trojita is a great thing to do

Certainly not. Custom crypto approaches in any direction usually turn out to be
failures.
The idea was that someone using e.g. only openbox will rather not be challenged
by setting up a pam_mounted dm-crypt partition/image.
So as long as they're made aware that this is gonna be unsafe storage of
personal data and maybe be enabled to define a storage position
(/mnt/secrets/trojita.accounts) to not have to symlink the general config, that
should do.
If you're seeking security beyond offline encryption, you'll inevitably have to
ask for the (master) password, since at least kwallet (and I'm not sure about
the gnome pendant - client authorization is not particularly simple in this
context) do not provide that.

> Actually I meant "Trojita session" as in "the process is running".

Ok, that's not too hard then ;-)
(On systems not scrambling memory, using the heap will get you more "security"
for free - not ultimately secure, but better than the predictable stack)

Cheers,
Thomas
[1] https://git.reviewboard.kde.org/r/110330/