[sylpheed:32966] Re: feature request - master password to protect all account passwords

stef stef_204 at yahoo.com
Fri May 8 00:53:35 JST 2009


--- On Wed, 5/6/09, Hiroyuki Yamamoto <hiro-y at kcn.ne.jp> wrote:

> From: Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>
> Subject: [sylpheed:32965] Re: feature request - master password to protect all account passwords
> To: sylpheed at sraoss.jp
> Date: Wednesday, May 6, 2009, 11:06 PM
> Hello,
> 
> Sorry for the delayed response, because I was away on
> vacation.
> 
> On Sat, 2 May 2009 10:31:29 -0700 (PDT)
> stef <stef_204 at yahoo.com> wrote:
> 
> > 
> > --- On Sat, 5/2/09, Bob White <bob at bob-white.com> wrote:
> > 
> > > From: Bob White <bob at bob-white.com>
> > > Subject: Re: [sylpheed:32959] Re: feature request - master password to protect all account passwords
> > > To: sylpheed at sraoss.jp
> > > Cc: stef_204 at yahoo.com, sylpheed at sraoss.jp
> > > Date: Saturday, May 2, 2009, 8:48 AM
> > > On Sat, 2 May 2009 07:30:51 -0700 (PDT)
> > > stef <stef_204 at yahoo.com> wrote:
> > > 
> > > > 
> > > > Hi,
> > > > 
> > > > Just a quick summary on this security issue:
> > > > 
> > > > Actually there are 2 issues: a) protect against someone gaining access to Sylpheed by starting it up and doing send/receive.
> > > > b) protect against someone reading .sylpheed-2.0/accountrc
> > > > 
> > > > The only things I can think of for a) are:
> > > > 
> > > > 1) Lock my session if I leave my desk at work; for those who do not use a Desktop Manager (KDE, Gnome, etc.) but only a Window Manager (fluxbox, Openbox, etc.) it is a bit complicated.
> > > > 
> > > > 2) Protect the .sylpheed-2.0/accountrc file with proper permissions:
> > > > 
> > > > Mine is:
> > > > % ls -l .sylpheed-2.0/accountrc
> > > > -rw------- 1 stef stef 10641 2009-05-01 00:09 .sylpheed-2.0/accountrc
> > > > 
> > > > But the above doesn't help with anyone gaining access as "myself" when my box is running but I am away from my desk.
> > > > 
> > > > 3) Do not store the passwords: not a very good option as I check over 10 accounts and use complex passwords very difficult to remember.  So that would be too inconvenient.
> > > > 
> > > > The model 'passwords behind a password', meaning a master password that would encrypt/decrypt (or a gpg signature) the .sylpheed-2.0/accountrc file and then lets Sylpheed read it would seem to make sense.  But developer efforts to implement need to be considered, as the developer's time might be better served in focusing on email features rather than security features.  Hiro's feedback on this issue would be nice.
> > > > 
> > > > That summarizes my view of this issue.
> > > > 
> > > > Thanks.
> > > > 
> > > 
> > > To implement a quasi secure accountrc file it would be fairly straightforward.  Instead of starting sylpheed directly, run a script:
> > > 1) decrypt sylpheedrc
> > > 2) run sylpheed
> > > 3) sylpheed exits -> encrypt sylpheedrc
> > > 
> > > I'm not sure how to implement this with MS Windows.  Maybe a Windows expert can tell us. :)
> > > 
> > > Your account passwords are encrypted unless you are actually running sylpheed.  Personally, I lock my session when I'm not at the computer.  If I forget, it locks with the screensaver after 10 minutes.  That seems like enough security for email passwords for me, but I also have little exposure to other people physically accessing my computer.
> > > 
> > > I also use sdm (http://freshmeat.net/projects/sdm) to remember the hundreds of passwords I seem to need (email, web sites, etc.).  I never use the same password for two locations.
> > > 
> > > 
> > > Bob W.
> > 
> > Bob, I guess you have an idea there with the scripting in Linux.
> > 
> > You should be able to do that in Windows as well by using gpg and a batch file I believe: write your own script.cmd file and put in there the commands.  And run it to 1) decrypt and 2) launch Sylpheed.
> > 
> > But I don't know if in Windows you can start gpg in command line with parameters, etc.--but I don't see why it wouldn't be possible.
> > 
> > It would be a bit convoluted as far as an email client is concerned, and I thought having an optional Master Password feature (like Thunderbird has) would be an improvement in security.
> > 
> > Here's some more info I found:
> > 
> > <http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html>
> > 
> > Anyway, I have harped on this issue enough and don't want to wear out my welcome....
> > 
> > Perhaps Hiro will have some comments.
> 
> Actually I have received many requests about the master password feature.  It will be implemented at some point in the future.
> 
> Currently I'm thinking how it should be implemented.  My current idea is:
>  - encrypt passwords with AES-128 (or something) with the master password
>  - accountrc: password=(base64-encoded encrypted password)
>               (or encrypt the whole accountrc?)
>  - sylpheedrc: use_master_password=0/1
> 
> Of course this doesn't prevent someone gaining access to your computer and taking a look at already stored e-mails (they are also stored in plain text).
> 
> -- 
> Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>

Hiro,

Thanks for your reply.

If one deletes the plain text passwords, and then only uses passwords in connection with the Master Password, it should prevent other users gaining access to your passwords without the Master Password, no?

If the passwords are also always concurrently stored in plain text, in some file, then it would not make sense to implement a Master Password....
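As an added illustration of the per-field scheme Hiro sketches above (a key derived from the master password, each password= value replaced by base64-encoded ciphertext, use_master_password=0/1 in sylpheedrc), here is example code that is not part of this thread and is not Sylpheed's own code. It assumes a simplified accountrc layout and an extra master_password_salt setting in sylpheedrc; both are assumptions, not anything Sylpheed actually does. Hiro proposed AES-128; because Python's standard library has no AES, the block substitutes an HMAC-SHA256 counter-mode keystream plus an HMAC tag (encrypt-then-MAC) for it, which also lets a wrong master password be detected instead of silently producing garbage. A production implementation should use a real authenticated cipher such as AES-GCM in place of the keystream helper.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample of an accountrc-style file (layout simplified; only the
# "password=" lines matter here, Sylpheed's real file has many more keys).
SAMPLE_ACCOUNTRC = (
    "[Account: 1]\n"
    "account_name=work\n"
    "address=stef@example.invalid\n"
    "password=hunter2\n"
    "[Account: 2]\n"
    "account_name=home\n"
    "password=correct horse battery staple\n"
)

KDF_ITERATIONS = 100_000  # PBKDF2 work factor: slows down guessing of the master password
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32              # HMAC-SHA256 output size


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Derive one 32-byte key per session from the master password and a stored salt."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, standing in for AES-CTR because
    the standard library has no AES. A (key, nonce) pair must never be reused."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_field(key: bytes, plaintext: str) -> str:
    """Encrypt-then-MAC one password value; returns base64(nonce || ciphertext || tag)."""
    enc_key, mac_key = key[:16], key[16:]   # separate keys for encryption and authentication
    nonce = secrets.token_bytes(NONCE_LEN)
    pt = plaintext.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode("ascii")


def decrypt_field(key: bytes, encoded: str) -> str:
    """Verify the tag first, then decrypt. A wrong master password or a
    tampered field raises ValueError instead of yielding garbage."""
    enc_key, mac_key = key[:16], key[16:]
    blob = base64.b64decode(encoded)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("encrypted field too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("master password wrong or field tampered with")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return pt.decode("utf-8")


def protect_accountrc(accountrc: str, master_password: str) -> "tuple[str, dict]":
    """Replace every plaintext password= line with its encrypted form and return
    the new accountrc text plus the sylpheedrc settings needed to undo it:
    use_master_password=1 and the KDF salt (the salt key name is an assumption)."""
    salt = secrets.token_bytes(SALT_LEN)
    key = derive_key(master_password, salt)
    lines = []
    for line in accountrc.splitlines():
        if line.startswith("password="):
            line = "password=" + encrypt_field(key, line[len("password="):])
        lines.append(line)
    sylpheedrc = {
        "use_master_password": "1",
        "master_password_salt": base64.b64encode(salt).decode("ascii"),
    }
    return "\n".join(lines) + "\n", sylpheedrc


def unprotect_accountrc(accountrc: str, master_password: str, sylpheedrc: dict) -> str:
    """Inverse of protect_accountrc; a no-op when use_master_password is 0."""
    if sylpheedrc.get("use_master_password", "0") != "1":
        return accountrc
    salt = base64.b64decode(sylpheedrc["master_password_salt"])
    key = derive_key(master_password, salt)
    lines = []
    for line in accountrc.splitlines():
        if line.startswith("password="):
            line = "password=" + decrypt_field(key, line[len("password="):])
        lines.append(line)
    return "\n".join(lines) + "\n"
```

After protect_accountrc has run, the plaintext values are no longer present anywhere in the returned accountrc text, so an attacker who can only read the file gets base64 blobs that are useless without the master password; the key is derived once per session rather than per field so that the PBKDF2 cost is paid one time at startup. What this does not cover is exactly what Hiro points out: the stored mail itself stays in plain text, and someone sitting at an unlocked session with Sylpheed already running can still send and receive.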
