I will say one thing about the method Carlos posted to remove the password file. I was aware of this, and I have seen posts like this in the past. Alpine has the ability to remove this password too, and I have posted in the past how to do this. This means, there are two ways to remove the password from the encryption key, and I will modify Alpine to force everyone to have a password in the encryption key.
Can I ask what the specific threat model is that this step is meant to combat?
An attacker with local root doesn't need to care about any disk encryption; he can read your decrypted master key and the plaintext of your IMAP passwords directly from memory. And of course a local attacker who doesn't have root can be guarded against simply with filesystem permissions.
So I think that the only attack that disk encryption defends against is the one where an attacker has physical access to your disk while the host is off. (Which is perhaps a realistic attack against someone travelling with a laptop, but is probably not an especially high risk for most home users working at their desktops?) But in that case, the attacker also has access to the plaintext of the Alpine binary and config files, and so could trivially re-derive Alpine's internally-generated key.
So I'm not clear what specific attacks such a measure would be meant to combat.
More importantly, security-conscious users are probably already using full-disk encryption (especially for laptops). And in that case, forcing an extra layer of per-application crypto on to them doesn't seem like it serves much purpose.
I think that it makes a ton of sense to have Alpine default to using its own strong crypto. But it should also be possible for sophisticated, security-conscious users to make their own decisions in this regard. I don't think it's a good idea for software to get into a combative relationship with its users...
I do agree that sometimes it is justified to force security measures on users in cases where it substantially improves the security stance of the internet at large. But I don't think that the current issue is one of those cases.
Thanks. -Jason _______________________________________________ Alpine-info mailing list [email protected] http://mailman12.u.washington.edu/mailman/listinfo/alpine-info
