-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


El 2023-12-01 a las 12:43 -0800, [email protected] escribió:

 I will say one thing about the method Carlos posted to remove the password
 file. I was aware of this, and I have seen posts like this in the past.
 Alpine has the ability to remove this password too, and I have posted in
 the past how to do this. This means, there are two ways to remove the
 password from the encryption key, and I will modify Alpine to force
 everyone to have a password in the encryption key.

Can I ask what the specific threat model is that this step is meant to combat?

For example, a person that has (temporary) access to the machine, can open Alpine and read the mail; likely also write and send email. This can be used to get access to a bank account or to purchases. In the read emails there can be private information of other people that they sent to you, in confidence. An identity could be stolen.

Depending on software, they might read the mail accounts passwords, and with that, go away and access your email from their home.


Possibly there is nobody in the premises with physical access to your machine, but you never know, if you get visitors. Or your machine could break down, and you may have technical service having a look at it.


That said, software like Thunderbird has the master password as optional. Obviously, I set it up, but some (many?) people don't.

Also once I open and enter the password to Alpine or Thunderbird, the application will be open for (many) days, not asking for the password again. The only protection is the desktop user password (when the screen saver kicks in).

There is other software that has mail passwords in plain text files (postfix, for instance). it is a daemon, it can not ask for user interaction.


- -- Cheers
       Carlos E. R.

       (from openSUSE 15.5 (Laicolasse))

-----BEGIN PGP SIGNATURE-----

iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZW3TCxwccm9iaW4ubGlz
dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVnREAnRM+TgYs75z4ylZ1TcR9
w3SPLUrDAJwLxVOfr93LKSehfeoPheqUJ/ZySQ==
=7THh
-----END PGP SIGNATURE-----
_______________________________________________
Alpine-info mailing list
[email protected]
http://mailman12.u.washington.edu/mailman/listinfo/alpine-info

Reply via email to