Confirmation for cached passphrases useful?
mailinglisten at hauke-laging.de
Tue Oct 12 03:25:03 CEST 2010
I just had the idea that it might be a good countermeasure against malicious
software not to use a cached passphrase without any user interaction (and thus
without user notice). A good compromise would be to open a dialog which does
not ask for the passphrase but just for the confirmation that it's OK to use
the passphrase. The dialog could mention the process accessing gpg-agent.
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users