Discussion:
Suppress master password prompt
Jukka Lahtinen
2017-08-28 17:19:41 UTC
I run alpine on Linux, Fedora 26, and I use the -passfile option to not
have to type the password every time I start it.
Yesterday I updated my alpine to version 2.21-3 from the Fedora updates
repository.
The first time I started this new version, it wanted me to give a
master password, and now it prompts for it every time I start it.

Is there a way to suppress the master password prompt? I didn't find a
configuration option for that.
I don't see much point in the -passfile option if I need to type
a master password anyway..
--
Jukka Lahtinen
Allodoxaphobia
2017-08-29 02:32:12 UTC
Post by Jukka Lahtinen
I run alpine on Linux, Fedora 26, and I use the -passfile option to not
have to type the password every time I start it.
Yesterday I updated my alpine to version 2.21-3 from the Fedora updates
repository.
Many repos do *NOT* compile in the password file option.
Would that be your issue?

I've always compiled my own from source -- linux and FreeBSD.
Ain't that difficult.

HTH
Jonesy
--
Marvin L Jones | Marvin | W3DHJ.net | linux
38.238N 104.547W | @ jonz.net | Jonesy | FreeBSD
* Killfiling google & XXXXbanter.com: jonz.net/ng.htm
Jukka Lahtinen
2017-08-29 03:54:03 UTC
Post by Allodoxaphobia
Post by Jukka Lahtinen
I run alpine on Linux, Fedora 26, and I use the -passfile option to not
have to type the password every time I start it.
Yesterday I updated my alpine to version 2.21-3 from the Fedora updates
repository.
Many repos do *NOT* compile in the password file option.
Would that be your issue?
No.
It HAS the -passfile option, and with that, alpine does not require the
password to the mailbox itself, but a master password for reading the
password file. I would like to suppress the MASTER password prompt.
Post by Allodoxaphobia
I've always compiled my own from source -- linux and FreeBSD.
Ain't that difficult.
I know it's possible, but I prefer using the binaries from the
repository. Less work since so far I haven't used any patches.
--
Jukka Lahtinen
Lucas Levrel
2017-08-29 10:33:29 UTC
Post by Jukka Lahtinen
Post by Allodoxaphobia
Post by Jukka Lahtinen
I run alpine on Linux, Fedora 26, and I use the -passfile option to not
have to type the password every time I start it.
Yesterday I updated my alpine to version 2.21-3 from the Fedora updates
repository.
Many repos do *NOT* compile in the password file option.
Would that be your issue?
No.
It HAS the -passfile option, and with that, alpine does not require the
password to the mailbox itself, but a master password for reading the
password file. I would like to suppress the MASTER password prompt.
To me, the "feature" you're facing sounds like an addition by Fedora's
alpine maintainer.
--
LL
Ἕν οἶδα ὅτι οὐδὲν οἶδα (Σωκράτης)
Jukka Lahtinen
2017-08-30 06:31:03 UTC
Post by Lucas Levrel
Post by Jukka Lahtinen
Post by Jukka Lahtinen
I run alpine on Linux, Fedora 26, and I use the -passfile option to not
have to type the password every time I start it.
It HAS the -passfile option, and with that, alpine does not require the
password to the mailbox itself, but a master password for reading the
password file. I would like to suppress the MASTER password prompt.
To me, the "feature" you're facing sounds like an addition by Fedora's
alpine maintainer.
That's possible, I wouldn't know the difference.
So alpine from the original source isn't supposed to ask for any master
passwords to use the file?
--
Jukka Lahtinen
Eduardo Chappa
2017-08-30 07:36:55 UTC
Post by Jukka Lahtinen
Is there a way to suppress the master password prompt? I didn't find a
configuration option for that. I don't see much point in the -passfile
option if I need to type a master password anyway..
I am sorry to be the bearer of bad news, but yes there is a way, but you
would have to read the code to see what to do.

Here is the problem with what you are asking. It is a trade off. You win
something, you lose something.

What do you win: Your password file is secure. You need a password to
decrypt it, so if someone were to steal your password file, and whatever
is necessary for its decryption, that hacker would still not have access
to your accounts, and hack other systems on your behalf. Without this
addition, it used to be possible just to steal your password file and hack
away. Now it is not possible to do so.

What do you lose: the ability to start Alpine and open any and all of your
accounts automatically. I imagine it is annoying for you to do this. This
is only done once per session, and there is very little in the code in
terms of policy of what constitutes a good master password, so play with
your imagination about what you want to make it.

Having said all of this. If you investigate how the password file works,
you will find a way to get rid of the master password. I just don't say
this in public (or private) so that people do not start shooting
themselves on their foot, but the door is open if you know how to cross
it.
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)
Lucas Levrel
2017-08-30 12:33:04 UTC
Hi Eduardo, and all,
What do you win: Your password file is secure. You need a password to decrypt
it, so if someone were to steal your password file, and whatever is necessary
for its decryption, that hacker would still not have access to your accounts,
and hack other systems on your behalf. Without this addition, it used to be
possible just to steal your password file and hack away. Now it is not
possible to do so.
Your post is very instructive as always. However, I don't understand how
the possession of my password to mail server X would enable a pirate to
hack anything other than my email account on X?
--
LL
Ἕν οἶδα ὅτι οὐδὲν οἶδα (Σωκράτης)
Eduardo Chappa
2017-08-31 02:12:29 UTC
Post by Lucas Levrel
Hi Eduardo, and all,
Post by Eduardo Chappa
What do you win: Your password file is secure. You need a password to
decrypt it, so if someone were to steal your password file, and
whatever is necessary for its decryption, that hacker would still not
have access to your accounts, and hack other systems on your behalf.
Without this addition, it used to be possible just to steal your
password file and hack away. Now it is not possible to do so.
Your post is very instructive as always. However, I don't understand how
the possession of my password to mail server X would enable a pirate to
hack anything other than my email account on X?
In essence your password is your key to the entrance door. Once a hacker
has that key, a hacker can use your credentials to explore weaknesses in
that system. For example, it could try to send special packets to the
server that are known to have caused problems to see if the server is
vulnerable to some attacks, and all of that under your name.

A hacker could also sell your password to a spammer, and under your name
abuse the system by sending millions of email messages.

All this will disrupt your service and may or may not terminate it, but
for sure it will disrupt it. This is the reason why we do not post
passwords in the internet.

In previous versions of Alpine, the password file was not encrypted, so it
was easy to decrypt it as long as you got a hold of it. Now the default
will be to encrypt it, and will not allow you to decrypt it without a
password.
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)
Jukka Lahtinen
2017-09-01 18:54:34 UTC
Post by Eduardo Chappa
Post by Jukka Lahtinen
Is there a way to suppress the master password prompt? I didn't find a
configuration option for that. I don't see much point in the -passfile
option if I need to type a master password anyway..
I am sorry to be the bearer of bad news, but yes there is a way, but you
would have to read the code to see what to do.
I downloaded and unpacked the source packet and took a little glance,
but not being familiar with the code I didn't notice anything that
wouldn't require recompiling.. of course I may have looked at a wrong
place.
Post by Eduardo Chappa
What do you win: Your password file is secure. You need a password to
decrypt it, so if someone were to steal your password file, and whatever
is necessary for its decryption, that hacker would still not have access
to your accounts, and hack other systems on your behalf. Without this
If a hacker could get the password file, that would mean they would
already somehow have gained access to my home directory in my home
computer, so the damage would already have been done.
Post by Eduardo Chappa
What do you lose: the ability to start Alpine and open any and all of your
accounts automatically. I imagine it is annoying for you to do this. This
is only done once per session, and there is very little in the code in
But I thought the whole purpose of the -passfile option was to avoid the
password prompt. As I said, I don't see much point in that if a master
password is prompted anyway.
--
Jukka Lahtinen
Eduardo Chappa
2017-09-01 21:34:50 UTC
Post by Jukka Lahtinen
Post by Eduardo Chappa
I am sorry to be the bearer of bad news, but yes there is a way, but
you would have to read the code to see what to do.
I downloaded and unpacked the source packet and took a little glance,
but not being familiar with the code I didn't notice anything that
wouldn't require recompiling.. of course I may have looked at a wrong
place.
I am not saying looking at this is easy. It requires some expertise and to
know what to look for. Not an easy task.
Post by Jukka Lahtinen
Post by Eduardo Chappa
What do you win: Your password file is secure. You need a password to
decrypt it, so if someone were to steal your password file, and
whatever is necessary for its decryption, that hacker would still not
have access to your accounts, and hack other systems on your behalf.
Without this
If a hacker could get the password file, that would mean they would
already somehow have gained access to my home directory in my home
computer, so the damage would already have been done.
It seems that you are equating hacking into your computer and hacking into
a remote server. Neither implies the other. The goal of hacking into your
computer is to find sensitive information, so the hacker can go elsewhere
with this information and wreak havoc.
Post by Jukka Lahtinen
Post by Eduardo Chappa
What do you lose: the ability to start Alpine and open any and all of
your accounts automatically. I imagine it is annoying for you to do
this. This is only done once per session, and there is very little in
the code in
But I thought the whole purpose of the -passfile option was to avoid the
password prompt. As I said, I don't see much point in that if a master
password is prompted anyway.
That is certainly one of the purposes (not the only one) but in today's
world it would be naive to believe that your convenience is more important
than your security. Nobody likes to be vaccinated, but that does not make
it less desirable. The benefits outweigh the inconvenience.

I realize that you have a point, but creating password files that do not
need passwords is the same as not encrypting them at all, and serves no
purpose. In some moment a security layer that cannot be easily decrypted
is needed.

I am not trying to tell you I am right, or you are wrong. Just trying to
explain the rationale behind the decision. If you disagree with the
decision, there are ways to do what you want, but I do not believe I would
want to tell you how to do so in a public forum.
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)
Jukka Lahtinen
2017-09-02 09:38:52 UTC
Post by Eduardo Chappa
Post by Jukka Lahtinen
Post by Eduardo Chappa
What do you win: Your password file is secure. You need a password to
decrypt it, so if someone were to steal your password file, and
If a hacker could get the password file, that would mean they would
already somehow have gained access to my home directory in my home
computer, so the damage would already have been done.
It seems that you are equating hacking into your computer and hacking into
a remote server. Neither implies the other. The goal of hacking into your
computer is to find sensitive information, so the hacker can go elsewhere
No, I just disagree on the need of typing another password for the mail
client to access an individual file I consider already secured enough,
so I would prefer having the master password prompt optional.
I am not confident enough to have that file the ONLY place where I store
the passwords anyway, especially when it is encrypted, it is just a
convenience thing.
Post by Eduardo Chappa
Post by Jukka Lahtinen
But I thought the whole purpose of the -passfile option was to avoid the
password prompt. As I said, I don't see much point in that if a master
password is prompted anyway.
That is certainly one of the purposes (not the only one) but in
To me it is.
Post by Eduardo Chappa
world it would be naive to believe that your convenience is more important
than your security. Nobody likes to be vaccinated, but that does not make
it less desirable. The benefits outweigh the inconvenience.
Vaccination is a different thing, you don't have to repeat it every time
you go out.
Post by Eduardo Chappa
I am not trying to tell you I am right, or you are wrong. Just trying to
explain the rationale behind the decision. If you disagree with the
Likewise..
--
Jukka Lahtinen
Eduardo Chappa
2017-09-02 21:49:54 UTC
Post by Jukka Lahtinen
Post by Eduardo Chappa
Post by Jukka Lahtinen
Post by Eduardo Chappa
What do you win: Your password file is secure. You need a password to
decrypt it, so if someone were to steal your password file, and
If a hacker could get the password file, that would mean they would
already somehow have gained access to my home directory in my home
computer, so the damage would already have been done.
It seems that you are equating hacking into your computer and hacking into
a remote server. Neither implies the other. The goal of hacking into your
computer is to find sensitive information, so the hacker can go elsewhere
No, I just disagree on the need of typing another password for the mail
client to access an individual file I consider already secured enough,
I think we will have to agree to disagree on this one. That you consider
it secure enough does not make it more secure. If you keep a file
that has been secured without a password, it will be a game of kids to
decrypt it. Your feeling of being secure is just that. It does not make it
a fact.
Post by Jukka Lahtinen
so I would prefer having the master password prompt optional. I am not
confident enough to have that file the ONLY place where I store the
passwords anyway, especially when it is encrypted, it is just a
convenience thing.
That is something I don't get. The password file has some level of
encryption. In the past it used to look something like several lines like
this

asdasd ert4673 4746yerhyetyry 1
asdasasa 363653t354ededhdfgdfhd s365asdd 0

or so. The code to decrypt this was in the same program, freely available.
No need for password to decode it. You are telling me that this works
better for you. That is fine. I accept it. It just seems you got your
priorities backward. I mean, if you are fine with the way of the past,
then your reasoning above is flawed, because the old style did not help
you with your priority today (all passwords in the same file) and you are
not arguing that the password file support was wrong in the past either...
Post by Jukka Lahtinen
Post by Eduardo Chappa
Post by Jukka Lahtinen
But I thought the whole purpose of the -passfile option was to avoid
the password prompt. As I said, I don't see much point in that if a
master password is prompted anyway.
That is certainly one of the purposes (not the only one) but in
To me it is.
As an implementor, your purpose is not the only purpose, nor the only
purpose that matters. As an implementor, I have to watch for your safety,
even when you do not want to.
Post by Jukka Lahtinen
Post by Eduardo Chappa
world it would be naive to believe that your convenience is more
important than your security. Nobody likes to be vaccinated, but that
does not make it less desirable. The benefits outweigh the
inconvenience.
Vaccination is a different thing, you don't have to repeat it every time
you go out.
I think most people would realize that the parallel was meant to
illustrate that convenience is not always the reason why we do something.
Not why we do something *every day*.

Maybe a better analogy will help you understand my point: If you think
master passwords are a bad inconvenience, then maybe you should take it
even further and get rid of all the locks in the place you live, and
therefore all your keys. They are inconvenient because you have to get
your keys out every day to open the door to your house/apartment. No need
of a key for a car, it should start without one, right? I mean, what could
go wrong if you do that, right? (the last sentence was meant to be ironic
and rhetorical.)

There is a purpose on using master passwords, it is to keep you safe,
despite your best efforts to try to do it otherwise.

However, you should keep investigating how to get rid of the password for
the password file. It is just that I do not think I should volunteer that
information. It is no different than closing a door and not locking it. It
does not serve much purpose, and people should not do it, so I do not
publicize how to do this.
Post by Jukka Lahtinen
Post by Eduardo Chappa
I am not trying to tell you I am right, or you are wrong. Just trying
to explain the rationale behind the decision. If you disagree with the
Likewise..
I am glad we agree on something :)
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)
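
The distinction drawn in the post above, between a password file that the program can decode by itself and one that needs a master password, as an added example that is not part of the thread and is not Alpine's code or file format. `BUILT_IN_KEY`, the sample entry and all function names are hypothetical, and the HMAC-based stream is a standard-library stand-in for a vetted authenticated cipher.

```python
import hashlib
import hmac
import os

# Constructed sample entry; not a real credential and not Alpine's file format.
SAMPLE = b"imap.example.org jdoe constructed-secret 1\n"
# Hypothetical constant compiled into the client: everyone with the program has it.
BUILT_IN_KEY = b"constant-shipped-with-the-client"

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a vetted cipher (assumption)."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]

def obfuscate(data: bytes) -> bytes:
    """Old style: the only 'key' ships with the program, so no secret is involved."""
    return _xor(data, _keystream(BUILT_IN_KEY, len(data)))

deobfuscate = obfuscate  # XOR with the same fixed stream undoes itself

def _derive(master: str, salt: bytes):
    # Slow, salted derivation: the key exists only while the password is typed.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=64)
    return key[:32], key[32:]

def seal(data: bytes, master: str) -> bytes:
    """New style: encrypt under a key derived from a master password."""
    salt = os.urandom(16)
    enc_key, mac_key = _derive(master, salt)
    body = _xor(data, _keystream(enc_key, len(data)))
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + tag + body

def unseal(blob: bytes, master: str) -> bytes:
    salt, tag, body = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _derive(master, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified file")
    return _xor(body, _keystream(enc_key, len(body)))

def opens_with(blob: bytes, master: str) -> bool:
    """True only if the supplied master password unlocks the sealed file."""
    try:
        unseal(blob, master)
        return True
    except ValueError:
        return False
```

A copy of the obfuscated file is readable by anyone who also has the program, while a copy of the sealed file is only as weak as the master password chosen for it.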
Jukka Lahtinen
2017-09-03 12:39:00 UTC
it secure enough does not make it more secure. If you keep a file that has
been secured without a password, it will be a game of kids to decrypt
it. Your feeling of being secure is just that. It does not make it a fact.
But before decrypting anything, one would first need to access it.
master passwords are a bad inconvenience, then maybe you should take it
even further and get rid of all the locks in the place you live, and
therefore all your keys. They are inconvenient because you have to get
I have a lock on my door, and I type a username and a password to log in
on my computer.
--
Jukka Lahtinen
Jukka Lahtinen
2017-09-03 12:41:03 UTC
Post by Jukka Lahtinen
I have a lock on my door, and I type a username and a password to log in
on my computer.
..and I also don't allow logins from arbitrary ip addresses.
--
Jukka Lahtinen
Eduardo Chappa
2017-09-03 16:46:20 UTC
Post by Jukka Lahtinen
Post by Jukka Lahtinen
I have a lock on my door, and I type a username and a password to log in
on my computer.
..and I also don't allow logins from arbitrary ip addresses.
And that is not what is needed to hack into a computer. It is convenient
for a hacker, but it is not what is needed. Keep protecting your data by
encrypting it. Encrypting is so safe that when hackers hijack your
computer they encrypt your data to make you pay a ransom to decrypt it.
Many people (and big companies) actually pay for it, because they realize
that there is nothing they will be able to do to get their data back, so
encrypting a password file is a good way to keep our data safe.

I realize it is inconvenient. I am sorry about that. Make it part of your
daily routine, just like unlocking doors and you will feel the burden
less.
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)
Eduardo Chappa
2017-09-03 16:37:01 UTC
Post by Jukka Lahtinen
it secure enough does not make it more secure. If you keep a file that
has been secured without a password, it will be a game of kids to
decrypt it. Your feeling of being secure is just that. It does not make
it a fact.
But before decrypting anything, one would first need to access it.
Yes, and that is the point. No matter how safe you feel about nobody being
able to access your files, you cannot guarantee that. If you research in
the internet you will find that there are means to hack into computers
that do not connect to the internet (yes, it is not a typo, I meant to
write *DO NOT* connect to the internet.) I am not sure why you feel that
you are safe. If a bad hacker wants your data, they will have it. My
advice is that you protect it.
Post by Jukka Lahtinen
master passwords are a bad inconvenience, then maybe you should take it
even further and get rid of all the locks in the place you live, and
therefore all your keys. They are inconvenient because you have to get
I have a lock on my door, and I type a username and a password to log in
on my computer.
Those are good first steps. I encourage you to continue protecting it even
more!
--
Eduardo
http://alpine.freeiz.com/alpine/ (Web)
http://repo.or.cz/alpine.git (Git)