Add some comments to the auth-source obfuscation

* lisp/auth-source.el (auth-source--obfuscate): Add comments.
author: Lars Ingebrigtsen 2019-09-20 22:24:56 +0200
committer: Lars Ingebrigtsen 2019-09-20 22:24:56 +0200
commit: c3958e48f6a257fa7e681b2b39ea83d677bcb2f3 (patch)
tree: 490d43e178e063349bcd014cd8b3069dc506d407
parent: 76c14b7191f5c30ceeb06a546b44b3bac03ea8e0 (diff)
download: emacs-c3958e48f6a257fa7e681b2b39ea83d677bcb2f3.tar.gz
emacs-c3958e48f6a257fa7e681b2b39ea83d677bcb2f3.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index e608afca2db..365ed2fa284 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1164,9 +1164,15 @@ FILE is the file from which we obtained this token."
 (defvar auth-source--session-nonce nil)
 (defun auth-source--obfuscate (string)
+  ;; We want to keep passwords out of backtraces and bug reports and
+  ;; the like, so if we have GnuTLS available, we encrypt them with a
+  ;; nonce that we just keep in memory.  If somebody has access to the
+  ;; current Emacs session, they can be decrypted, but if not, little
+  ;; useful information is leaked.  If you reset the nonce, you also
+  ;; have to call `auth-source-forget-all-cached'.
  (unless auth-source--session-nonce
    (setq auth-source--session-nonce
-          (apply #'string (cl-loop repeat 10
+          (apply #'string (cl-loop repeat 32
                                   collect (random 128)))))
  (if (and (fboundp 'gnutls-symmetric-encrypt)
           (gnutls-available-p))
author	Lars Ingebrigtsen	2019-09-20 22:24:56 +0200
committer	Lars Ingebrigtsen	2019-09-20 22:24:56 +0200
commit	c3958e48f6a257fa7e681b2b39ea83d677bcb2f3 (patch)
tree	490d43e178e063349bcd014cd8b3069dc506d407
parent	76c14b7191f5c30ceeb06a546b44b3bac03ea8e0 (diff)
download	emacs-c3958e48f6a257fa7e681b2b39ea83d677bcb2f3.tar.gz emacs-c3958e48f6a257fa7e681b2b39ea83d677bcb2f3.zip