Opened 18 months ago

Last modified 8 months ago

#2081 open defect

Local Susimail cache should be encrypted with user's password

Reported by: Reportage Owned by:
Priority: major Milestone: undecided
Component: apps/susimail Version: 0.9.32
Keywords: susimail, login, unencrypted cache Cc: str4d
Parent Tickets:

Description

Currently local mail cached by susimail is accessible and readable without
a password.. logging in to a known user's account in Susimail can be achieved
without supplying a password to read mail, or the local cache dir can be
accessed to read downloaded mails.

In the interests of security, offline mail should be encrypted and only
accessible via Susimail once the user has logged in with the correct password.

Subtickets (add)

#2312: Susimail GUI login cached bypassingdefectclosedzzz

Change History (6)

comment:1 Changed 18 months ago by zzz

  • Cc str4d added
  • Status changed from new to open

Yeah, the cache files are mode 600 but you can supply any or no password to see them through the web UI. That's because the password is the POP server password, we don't persist or validate the password (or hash). We need the username for offline viewing to match it to the correct cache dir. You can set a separate user/password for the whole console (including susimail) on /configui .

So the susimail password form is at best misleading as user's expectations are probably that the password is necessary to view local mail.

Not sure if we want to go as far as local encryption - not even Thunderbird does that - but I wonder what i2pbote does, let's ask str4d. We've never encrypted anything on disk in the standard i2p package, we don't have a set of libs for that, and would have to select a particular encryption type and parameters. If we do decide to encrypt, that would be phase two.

comment:2 Changed 18 months ago by zzz

  • Milestone changed from 0.9.33 to 0.9.35

Not easy, no decisions yet, and won't happen for .33

comment:3 Changed 17 months ago by zzz

str4d and I discussed briefly at 34c3. Detailed review to follow.

comment:4 Changed 12 months ago by zzz

  • Milestone changed from 0.9.35 to 0.9.37

nowhere on str4d's priority list, pushing out

comment:5 Changed 8 months ago by zzz

Add a subticket #2312.

comment:6 Changed 8 months ago by zzz

  • Milestone changed from 0.9.37 to undecided
Note: See TracTickets for help on using tickets.