Re: mutt assistance

To: debian-user@lists.debian.org
Subject: Re: mutt assistance
From: Dave Sherohman <esper@sherohman.org>
Date: Tue, 14 Mar 2006 12:51:30 -0600
Message-id: <[🔎] 20060314185130.GA23125@sherohman.org>
Mail-followup-to: Dave Sherohman <esper@sherohman.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20060314174711.GA22810@d.umn.edu>
References: <[🔎] 20060314174711.GA22810@d.umn.edu>

On Tue, Mar 14, 2006 at 11:47:11AM -0600, Matt Zagrabelny wrote:
> problem 1)
> 
> after composing a message it shows up as an attachment in the preview
> screen before it can get sent out. i have tried putting the following
> line in my .muttrc file:
> 
> attachments +I text/plain
> 
> though this doesnt seem to make it display inline.

The compose screen isn't really a "preview" in the sense you're
thinking...  It's really more of a structural outline than a preview.
Take a look at ths following example:

-- Attachments
- I     1 /tmp/mutt1OVoQ3                    [text/plain, 7bit, us-ascii, 2.2K] 
  A     2 ~/XF86Config-4                     [text/plain, 7bit, us-ascii, 2.2K] 
  A     3 ~/base.txt                         [text/plain, 7bit, us-ascii, 1.3K]

Yeah, it *says* "Attachments" at the top, but notice that the third
column has an I (inline) for the actual body text (/tmp/mutt...) and A
(attachment) for the other two files.  (As further evidence, that example
is from this very message...  I'll detach my XF86Config and text file
before sending, but note that it will arrive with the body inline,
just like your message that I'm replying to did.)

> problem 2)
> 
> imap access. is there a way to hash the password in the .muttrc file?
> (i dont want to have a clear text password in a config file)

Just `chmod .muttrc 600` and don't worry about it.  That will set the
permissions so that only you can read (or write to) the file, preventing
anyone else from looking at it.  (Unless they crack your user account
or have root access, but in either case you'd have bigger problems than
your IMAP password to worry about anyhow.)  Hashing/ encrypting the
password in .muttrc wouldn't really buy you anything anyhow, provided
that you're not using that same password for anything else.  Consider:

- If it's stored as a hash and that hash (or another hash derived from
it) is sent to the IMAP server, then an attacker could just steal the
hash and send it themselves, making it functionally equivalent to getting
your IMAP password.  (Again, provided that your IMAP password isn't used
for anything else.  Which it really shouldn't be...)

- If it's stored in an encrypted form which mutt is able to decrypt
without requiring you to enter a passphrase, then an attacker could take
the encrypted form, grab the mutt source, run your encrypted password
through mutt's decryption code, and get your password anyhow.

- If it's stored in an encrypted form which does require a passphrase
to decrypt, then wouldn't it really be more secure to just type in your
IMAP password (instead of the passphrase) rather than storing it in
.muttrc at all?

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

Reply to:

References:
- mutt assistance
  - From: mzagrabe@d.umn.edu (Matt Zagrabelny)

Prev by Date: Re: distribution upgrade question
Next by Date: Re: distribution upgrade question
Previous by thread: mutt assistance
Next by thread: Re: mutt assistance
Index(es):
- Date
- Thread