#saltr (irc2p) | I2P+ 2.7.0-9+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

#saltr

/2023/04/01

Online: 45

~dr|z3d

@RN

@RN_

@StormyCloud

@T3s|4

@T3s|4_

@eyedeekay

@orignal

@postman

@zzz

%Liorar

+FreefallHeavens

+Xeha

+bak83_

+cancername

+cumlord

+hk

+profetikla

Arch

DeltaOreo

FreeRider

Irc2PGuest19353

Irc2PGuest46029

Irc2PGuest64530

Meow

Nausicaa

Onn4l7h

Onn4|7h

Over1

acetone_

anon4

anu

boonst

enoxa

mareki2pb

mittwerk

not_bob_afk

plap

poriori_

shiver_

simprelay

solidx66

u5657_1

uop23ip

weko_

dr|z3d eyedeekay: not sure we need more than one password tbh.

dr|z3d password that encrypts storage could be the same login p/w for postman's server.

dr|z3d unless there's an issue with that?

dr|z3d what we could use is an in-susimail password manager for the account once logged in which may require some api tweaks server-side.

eyedeekay That would be useful, I asked about such an API in #mail.i2p earlier

eyedeekay I think different passwords for login and local storage is better for security in principle

dr|z3d not buying it. if the login password is exposed when you login to susimail, then it's exposed. 2 passwords is just adding more complexity for no reward as far as I can tell.

dr|z3d having one password means never logging into susimail with the wrong password and wondering why server login's not working.

eyedeekay It's the other direction I'm concerned about, even if the login password becomes exposed, the local storage password is not

dr|z3d eyedeekay: don't think it's worth worrying about.

RN I think some of that was just prioritizing out loud ;)

dr|z3d I mean, currently we have totally unencrypted storage, so just encrypting the storage with the login pass is better.

RN I wouldn't want my snark dl's in an encrypted dir, unless I made it that way, but I do get the want for that

RN but email might be a little different

RN the user logs in to get to them

RN if the router is off and someone can just go look at them without the router even being fired up

RN I think clear disclosure to the users about it might be a better solution for now... I mean if they use a common mail client with pop/smtp then does that client encrypt the emails on disk?

RN II'm pretty sure TBird stores email in a file format that's trivial to parse

dr|z3d we're talking about susimail mail dirs, RN.

dr|z3d thunderbird stores emails in cleartext.

RN right

RN so...

dr|z3d what eyedeekay and I have been discussing is encrypting the user's susimail download dir.

dr|z3d first off.

RN to make susimail more appealing

RN right

dr|z3d and also pgp support.

RN I was just saying of other email apps don't do it...

RN pgp support would rank higher than enc storage

RN imho

dr|z3d no they don't, but they function differently.

dr|z3d the user is lead to believe they need to login to access their e-mail in susimail.

RN with pgp you can have the emails encrypted in stored state by default

dr|z3d separate issue.

RN yeah, where is that leading? but I would probably have assumed the same when I was new to I2P

RN it's all encrypted

dr|z3d and recipient would need to have pgp support for it to make sense.

RN automagically protects me from being careless

RN hehe

RN right... so a note "if you are not deleting emails that don't use pgp encryption, be aware these emails can be read from the files withuot the router running"

RN or such

dr|z3d no.

dr|z3d pgp is later. encrypted mail dir is first.

RN both promotes better opsec, using pgp, and promotes user awareness

RN ok, I'm listening

dr|z3d pgp is mroe involved.

dr|z3d to really make sense, you'd probably want an addressbook with contacts.

dr|z3d then you can attach their pgp key and everything else is taken care of.

dr|z3d and that also allows you to attach your pgp key to e-mails only if you the contact doesn't have a pgp keyed enabled or you're not sending to a contact in your addressbook.

RN ok

dr|z3d much more involved.

dr|z3d encrypting a user's mail dir, otoh, not so much.

albat Salut dr|z3d, j'utilise un traducteur que m'a montré RN :)

albat Hi dr|z3d, I'm using a translator shown to me by RN :)

albat You're there?

albat now i have good english lol

dr|z3d your english was fine before, albat

dr|z3d et salut.

albat now it's better, my beloved cockroach :)

albat github.com/ttappr/hexchat_translator

RN remember though albat, it does send everything to Google

albat ok

RN fun little find though

RN I don't remember him saying beloved cockroach before though... do you?

RN heheheh

mildseven oh its a hexchat plugin :)

mildseven is there a weechat plugin?

albat I don't know

RN yep. 64 bit os and 64 bit hexchat required

RN the danger of git is you will probably find one

RN ;)

RN if I knew rust... I'd divorce it from google and swithch to another translation engine

mildseven rust is a great game ;)

RN :þ

mildseven hehe

dr|z3d albat le caffard. he's being symmetrical.

RN symetry can be pretty

RN but it is the tiny variations from symmetry that are truely beautiful