Opened 4 years ago

Last modified 3 years ago

#2081 open defect

Local Susimail cache should be encrypted with user's password

Reported by: Reportage
Owned by:
Priority: major
Milestone: undecided
Component: apps/susimail
Version: 0.9.32
Keywords: susimail, login, unencrypted cache
Cc: str4d
Parent Tickets:
Sensitive: no


Currently local mail cached by susimail is accessible and readable without
a password. Logging in to a known user's account in Susimail can be achieved
without supplying a password to read mail, or the local cache dir can be
accessed to read downloaded mails.

In the interests of security, offline mail should be encrypted and only
accessible via Susimail once the user has logged in with the correct password.


Subtickets: #2312: Susimail GUI login cached bypassing (closed, owner zzz)

Change History (6)

comment:1 Changed 4 years ago by zzz

Cc: str4d added
Status: new → open

Yeah, the cache files are mode 600 but you can supply any or no password to see them through the web UI. That's because the password is the POP server password; we don't persist or validate the password (or hash). We need the username for offline viewing to match it to the correct cache dir. You can set a separate user/password for the whole console (including susimail) on /configui.

So the susimail password form is at best misleading as user's expectations are probably that the password is necessary to view local mail.

Not sure if we want to go as far as local encryption - not even Thunderbird does that - but I wonder what i2pbote does, let's ask str4d. We've never encrypted anything on disk in the standard i2p package, we don't have a set of libs for that, and would have to select a particular encryption type and parameters. If we do decide to encrypt, that would be phase two.
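As an added illustration of the "phase two" design question raised above (which cipher and parameters to pick, and how a login password can gate the offline cache without persisting a password hash), here is a small Java sketch. It is example code written for this page, not susimail or I2P code, and the class name, the PBKDF2-HMAC-SHA256 / AES-256-GCM choice, the iteration count and the on-disk record layout are all assumptions. The point it shows: deriving the cache key from the password means a wrong password produces a different key, so the GCM tag check fails and the cached mail stays unreadable, with no stored hash to validate against.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Hypothetical password-protected local mail cache (added example, not susimail code).
 * Parameters below are one reasonable choice, not a project decision.
 */
public final class EncryptedMailCache {

    private static final int SALT_LEN = 16;        // per-user salt, stored next to the cache dir
    private static final int NONCE_LEN = 12;       // 96-bit GCM nonce, fresh per message
    private static final int TAG_BITS = 128;
    private static final int ITERATIONS = 200_000; // PBKDF2 work factor (assumed value)
    private static final SecureRandom RNG = new SecureRandom();

    private final byte[] salt;   // public value, safe to write to disk
    private final SecretKey key; // derived from the password, never written to disk

    private EncryptedMailCache(byte[] salt, SecretKey key) {
        this.salt = salt;
        this.key = key;
    }

    /** First-time setup for an account: generate the salt and derive the key. */
    public static EncryptedMailCache create(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN];
        RNG.nextBytes(salt);
        return new EncryptedMailCache(salt, derive(password, salt));
    }

    /** Login: re-derive the key from the stored salt and the user-supplied password. */
    public static EncryptedMailCache open(char[] password, byte[] salt) throws GeneralSecurityException {
        return new EncryptedMailCache(salt.clone(), derive(password, salt));
    }

    private static SecretKey derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return new SecretKeySpec(raw, "AES");
        } finally {
            spec.clearPassword(); // do not keep the password chars around
        }
    }

    /** Encrypts one cached message; on-disk record is nonce || ciphertext || tag. */
    public byte[] seal(byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[NONCE_LEN + ct.length];
        System.arraycopy(nonce, 0, out, 0, NONCE_LEN);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return out;
    }

    /**
     * Decrypts a record. With a wrong password the derived key differs, the GCM
     * tag check fails and AEADBadTagException is thrown, so the UI can refuse
     * to show the cache without ever storing a password hash.
     */
    public byte[] unseal(byte[] sealed) throws GeneralSecurityException {
        byte[] nonce = Arrays.copyOfRange(sealed, 0, NONCE_LEN);
        byte[] ct = Arrays.copyOfRange(sealed, NONCE_LEN, sealed.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        return c.doFinal(ct);
    }

    public byte[] salt() { return salt.clone(); }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample: one cached message, then a correct and a wrong login.
        EncryptedMailCache setup = EncryptedMailCache.create("correct horse".toCharArray());
        byte[] record = setup.seal("From: alice\r\n\r\nhello".getBytes(StandardCharsets.UTF_8));

        EncryptedMailCache login = EncryptedMailCache.open("correct horse".toCharArray(), setup.salt());
        System.out.println(new String(login.unseal(record), StandardCharsets.UTF_8));

        try {
            EncryptedMailCache.open("wrong".toCharArray(), setup.salt()).unseal(record);
        } catch (AEADBadTagException e) {
            System.out.println("wrong password: cache stays unreadable");
        }
    }
}
```

The salt is the only thing written beside the cache and is not secret; the file-mode-600 protection mentioned above still applies to the ciphertext, but a copied cache dir is now useless without the password. Because every record gets a fresh random nonce under a key that is stable for the account, the usual AES-GCM caveat applies: the count of messages sealed under one key should stay far below the 2^32 nonce-collision bound, which is comfortably true for a mail cache.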

comment:2 Changed 4 years ago by zzz

Milestone: 0.9.33 → 0.9.35

Not easy, no decisions yet, and won't happen for .33

comment:3 Changed 4 years ago by zzz

str4d and I discussed briefly at 34c3. Detailed review to follow.

comment:4 Changed 3 years ago by zzz

Milestone: 0.9.35 → 0.9.37

nowhere on str4d's priority list, pushing out

comment:5 Changed 3 years ago by zzz

Add a subticket #2312.

comment:6 Changed 3 years ago by zzz

Milestone: 0.9.37 → undecided