Re: encrypt.el in No Gnus 0.7

[Ted Zlatanov]

On Tue, 06 Nov 2007 22:11:12 +0100 Reiner Steib <address@hidden> wrote: 

RS> I think it would be useful to have at least one builtin encryption
RS> (without requiring external programs) in Emacs, if possible.

RS> The cipher should be significantly better than obfuscation (ROT13) but
RS> it doesn't need to be as GPG's ciphers.  I'm thinking of protection of
RS> for not-too-valuable stuff like email and NNTP passwords
RS> (e.g. passwords that are stored completely unprotected on disk by many
RS> users up to now) against (accidentally?) exposing it to your
RS> administrator, colleagues, family members, etc.

RS> How strong or week are the builtin ciphers compared to e.g. the
RS> algorithm used in Firefox/Thunderbird's password manager (I couldn't
RS> find out which cipher the use)?  How long does it take on a "standard
RS> PC" to break an ~/.authinfo file protected with a password of say 8
RS> chars?

The XOR cipher is trivial (it would take a few seconds to a few minutes
to break it) but it's slightly better than ROT-13.  I can write
something stronger, or a steganographic cipher which might be more
interesting.  Reimplementing AES, for example, would be too slow and
unnecessary for an Lisp-based cipher.

Firefox uses a plugin-based security device, and I can't find the
default cipher it uses.  It's much stronger than XOR, though.

Ted