author | Lars Ingebrigtsen <larsi@gnus.org> | 2019-09-20 22:24:56 +0200 |
---|---|---|
committer | Lars Ingebrigtsen <larsi@gnus.org> | 2019-09-20 22:24:56 +0200 |
commit | c3958e48f6a257fa7e681b2b39ea83d677bcb2f3 (patch) | |
tree | 490d43e178e063349bcd014cd8b3069dc506d407 /lisp | |
parent | 76c14b7191f5c30ceeb06a546b44b3bac03ea8e0 (diff) | |
Add some comments to the auth-source obfuscation
* lisp/auth-source.el (auth-source--obfuscate): Add comments.
Diffstat (limited to 'lisp')
-rw-r--r-- | lisp/auth-source.el | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index e608afca2db..365ed2fa284 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1164,9 +1164,15 @@ FILE is the file from which we obtained this token."
 (defvar auth-source--session-nonce nil)

 (defun auth-source--obfuscate (string)
+ ;; We want to keep passwords out of backtraces and bug reports and
+ ;; the like, so if we have GnuTLS available, we encrypt them with a
+ ;; nonce that we just keep in memory. If somebody has access to the
+ ;; current Emacs session, they can be decrypted, but if not, little
+ ;; useful information is leaked. If you reset the nonce, you also
+ ;; have to call `auth-source-forget-all-cached'.
 (unless auth-source--session-nonce
 (setq auth-source--session-nonce
- (apply #'string (cl-loop repeat 10
+ (apply #'string (cl-loop repeat 32
 collect (random 128)))))
 (if (and (fboundp 'gnutls-symmetric-encrypt)
 (gnutls-available-p)) |
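Review bot: The new comment calls the value a "nonce", but as the comment itself describes it, passwords are encrypted with it, so it acts as the session secret, and `(cl-loop repeat 32 collect (random 128))` draws it from Emacs's general-purpose `random` at no more than 7 bits per character. The comment should say this outright so the routine is not mistaken for confidentiality-grade protection, for example `;; Note: the nonce comes from (random 128), not a cryptographic RNG, so treat this as obfuscation only.` The comment also covers only the GnuTLS case. What happens when `gnutls-symmetric-encrypt` is unavailable is decided in the part of the defun outside this hunk, and it deserves a line of its own saying how much weaker that path is.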