
Re: encrypt/decrypt functions for a session

  • Matt Wozniski
    Message 1 of 33 , Dec 3, 2007
      On Dec 3, 2007 2:05 PM, Charles E. Campbell, Jr. wrote:
      >
      > Matt Wozniski wrote:
      >
      > > Fixing that to use a script-local variable would definitely be
      > >a worthwhile change that should be made ASAP, though it still wouldn't
      > >protect you from plaintext passwords being in your core files.
      >
      > Yes, I've done that for v116g.

      Glad to hear it. :)

      > >While we're at it, what is a reasonable use-case for why someone would
      > >need a getpid() function? Why would we need to know our PID?
      > >
      > >
      > Assuming that I have an encrypt/decrypt function pair, the pid could be
      > used as a single-session p/w that would be transparent to the user. I
      > don't see any point in saving a ftp password but requiring the user to
      > enter some other password to make the ftp password available. Such
      > things as recording the hundredth of a second that vim/gvim started
      > along with the pid would act as an improved session-only password.

      Sure, I understand that you could use it as a key to encrypt the
      password, but what I'm really asking is what you gain from that. Is it
      really more secure to have an encrypted string and its decryption key
      stored in memory than it is to have an unencrypted string in memory?
      Particularly on an open-source project where anyone who wants to can
      view your source code?

      ~Matt

      --~--~---------~--~----~------------~-------~--~----~
      You received this message from the "vim_dev" maillist.
      For more information, visit http://www.vim.org/maillist.php
      -~----------~----~----~----~------~----~------~--~---
    • Tony Mechelynck
      Message 33 of 33 , Dec 5, 2007
        thomas wrote:
        > On Dec 6, 5:06 am, Tony Mechelynck <antoine.mechely...@...>
        > wrote:
        >> thomas wrote:
        >> Vim can store the current time -- see ":help reltime()". Store it when the
        >> user types in the master password, compare it with the time when a password is
        >> needed, and ask the master password again if the time interval is "too long".
        >
        > Yes, but how do you make sure the interval is ever checked?

        by making the check a part of whatever routine you use to supply the stored
        password.

        > IIRC
        > CursorHold[I] events don't get triggered when vim doesn't have the
        > focus. And you don't know which value 'updatetime' has. If you check
        > only when the password is accessed, somebody could use the :debug
        > trick
        > even hours/days after you last used the password.

        You could add additional checks, e.g. in CursorHold, CursorHoldI and/or
        FocusGained autocommands.

        >
        > BTW I would really like to see timer events that get triggered even
        > when
        > vim is in the background. I started writing a kind of PIM plugin but
        > stopped at about 80% because I didn't have the time to find a way to
        > reliably show alarms in a cross-platform manner. But this is a
        > different subject of course.
        >
        > thomas.

        Maybe you could use some external program (such as Unix's "at" or "cron", but
        possibly handcrafted to use shorter timespans) to periodically trigger
        something in your Vim instance via the |clientserver| feature? IIUC, it could
        even be a Vim script running on the "client" Vim, looping forever with a
        ":sleep" command in the loop, and periodically triggering some effect in the
        "server" Vim.


        Best regards,
        Tony.
        --
        Paul's Law:
        You can't fall off the floor.
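
The timeout scheme discussed in this thread (record `reltime()` when the master password is typed, re-check when a password is needed, and also in CursorHold, CursorHoldI and FocusGained autocommands), as an added Vim script example that is not code from the thread or from any plugin it mentions. The names `s:max_age`, `s:Forget()` and `SessionPasswordGet()` and the 300-second limit are assumptions, and `reltimefloat()` assumes a Vim build that provides it.

```vim
" Added example: session-only password cache that expires and wipes itself.
" All names and the 300 s limit are hypothetical, chosen for illustration.
let s:max_age     = 300.0   " seconds a typed password stays cached (assumed policy)
let s:secret      = ''      " script-local, so not visible as a global variable
let s:unlocked_at = []      " reltime() value taken when the password was typed

" True when nothing is cached or the cached value is older than s:max_age.
function! s:Expired() abort
  return empty(s:unlocked_at)
        \ || reltimefloat(reltime(s:unlocked_at)) > s:max_age
endfunction

" Drop the cached value. Until this runs, the password is still plaintext
" in Vim's memory and would appear in a core file.
function! s:Forget() abort
  let s:secret      = ''
  let s:unlocked_at = []
endfunction

function! s:ForgetIfExpired() abort
  if s:Expired()
    call s:Forget()
  endif
endfunction

" The one routine that supplies the password: the age check is part of it,
" so an expired value is never handed out.
function! SessionPasswordGet() abort
  call s:ForgetIfExpired()
  if empty(s:secret)
    let s:secret = inputsecret('Master password: ')
    if !empty(s:secret)
      let s:unlocked_at = reltime()
    endif
  endif
  return s:secret
endfunction

" Additional checks between uses. CursorHold[I] depends on 'updatetime' and
" on Vim having focus, so FocusGained covers the return from the background.
augroup SessionPasswordExpiry
  autocmd!
  autocmd CursorHold,CursorHoldI,FocusGained * call s:ForgetIfExpired()
augroup END
```

While Vim stays in the background none of these events fire, so the cached value is only cleared on the next access or when focus returns.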
