Loading ...
Sorry, an error occurred while loading the content.
 

Re: encrypt/decrypt functions for a session

Expand Messages
  • Charles E. Campbell, Jr.
    ... Where s the part where I said I d store the session pid in some variable? Something like getpid() would be called during encrypt/decrypt, not stored. Chip
    Message 1 of 33 , Dec 3 1:59 PM
      Matt Wozniski wrote:

      >On Dec 3, 2007 2:05 PM, Charles E. Campbell, Jr. wrote:
      >
      >
      >>Assuming that I have an encrypt/decrypt function pair, the pid could be
      >>used as a single-session p/w that would be transparent to the user. I
      >>don't see any point in saving a ftp password but requiring the user to
      >>enter some other password to make the ftp password available. Such
      >>things as recording the hundredth of a second that vim/gvim started
      >>along with the pid would act as an improved session-only password.
      >>
      >>
      >
      >Sure, I understand that you could use it as a key to encrypt the
      >password, but what I'm really asking is what you gain from that. Is it
      >really more secure to have an encrypted string and its decryption key
      >stored in memory than it is to have an unencrypted string in memory?
      >Particularly on an open-source project where anyone who wants to can
      >view your source code?
      >
      >

      Where's the part where I said I'd store the session pid in some
      variable? Something like getpid() would be called during
      encrypt/decrypt, not stored.

      Chip Campbell


      --~--~---------~--~----~------------~-------~--~----~
      You received this message from the "vim_dev" maillist.
      For more information, visit http://www.vim.org/maillist.php
      -~----------~----~----~----~------~----~------~--~---
    • Tony Mechelynck
      ... by making the check a part of whatever routine you use to supply the stored password. ... You could add additional checks, e.g. in CursorHold, CursorHoldI
      Message 33 of 33 , Dec 5 9:29 PM
        thomas wrote:
        > On Dec 6, 5:06 am, Tony Mechelynck <antoine.mechely...@...>
        > wrote:
        >> thomas wrote:
        >> Vim can store the current time -- see ":help reltime()". Store it when the
        >> user types in the master password, compare it with the time when a password is
        >> needed, and ask the master password again if the time interval is "too long".
        >
        > Yes, but how do you make sure the interval is ever checked?

        by making the check a part of whatever routine you use to supply the stored
        password.

        > IIRC
        > CursorHold[I] events don't get triggered when vim doesn't have the
        > focus. And you don't know which value 'updatetime' has. If you check
        > only when the password is accessed, somebody could use the :debug
        > trick
        > even hours/days after you last used the password.

        You could add additional checks, e.g. in CursorHold, CursorHoldI and/or
        FocusGained autocommands.

        >
        > BTW I would really like to see timer events that get triggered even
        > when
        > vim is in the background. I started writing a kind of PIM plugin but
        > stopped at about 80% because I didn't have the time to find a way to
        > reliably show alarms in a cross-platform manner. But this is a
        > different subject of course.
        >
        > thomas.

        Maybe you could use some external program (such as Unix's "at" or "cron", but
        possibly handcrafted to use shorter timespans) to periodically trigger
        something in your Vim instance via the |clientserver| feature? IIUC, it could
        even be a Vim script running on the "client" Vim, looping forever with a
        ":sleep" command in the loop, and periodically triggering some effect in the
        "server" Vim.


        Best regards,
        Tony.
        --
        Paul's Law:
        You can't fall off the floor.

        --~--~---------~--~----~------------~-------~--~----~
        You received this message from the "vim_dev" maillist.
        For more information, visit http://www.vim.org/maillist.php
        -~----------~----~----~----~------~----~------~--~---
      Your message has been successfully submitted and would be delivered to recipients shortly.