Local Susimail cache should be encrypted with user's password

[Reportage]

Currently local mail cached by susimail is accessible and readable without
a password.. logging in to a known user's account in Susimail can be achieved
without supplying a password to read mail, or the local cache dir can be
accessed to read downloaded mails.

In the interests of security, offline mail should be encrypted and only
accessible via Susimail once the user has logged in with the correct password.

[zzz]

Yeah, the cache files are mode 600 but you can supply any or no password to see them through the web UI. That's because the password is the POP server password, we don't persist or validate the password (or hash). We need the username for offline viewing to match it to the correct cache dir. You can set a separate user/password for the whole console (including susimail) on /configui .

So the susimail password form is at best misleading as user's expectations are probably that the password is necessary to view local mail.

Not sure if we want to go as far as local encryption - not even Thunderbird does that - but I wonder what i2pbote does, let's ask str4d. We've never encrypted anything on disk in the standard i2p package, we don't have a set of libs for that, and would have to select a particular encryption type and parameters. If we do decide to encrypt, that would be phase two.

[zzz]

Not easy, no decisions yet, and won't happen for .33

[zzz]

str4d and I discussed briefly at 34c3. Detailed review to follow.

[zzz]

nowhere on str4d's priority list, pushing out

[zzz]

Add a subticket #2312.