[Announce] GPGee version 1.1.2 - Important Security Update

Kurt Fitzner kfitzner at excelcia.org
Sat Jul 30 00:29:18 CEST 2005


Version 1.1.2 of GPGee has been released.  This release fixes a newly
identified security issue.

In previous versions of GPGee, the mechanism that was intended to
overwrite passphrases after they were used had a flaw that prevented
this from occurring.  This makes it more likely (though still not very)
that a passphrase could end up being written in the clear to the Windows
swap file.

In addition to fixing the above issue, version 1.1.2 has much more
robust internal handling of passphrases all around.  All memory used for
passphrase handling is now locked to prevent it being swapped out.
Also, a better caching mechanism is in place to cache all passphrases
entered during a single verify/decrypt operation.  You never have to
enter a passphrase for a particular key more than once when multiple
files are verified/decrypted in a single operation.  For security
reasons, passphrases are still not ever cached longer than a single
operation.

For those of you who are unfamiliar with the program, GPGee is the
GnuPG Explorer Extension - a Windows shell extension front end for GnuPG
that gives you access to GnuPG functionality directly through the
Windows explorer right-click context menu.

More information (including a full discussion of the new version, the
security flaw, and its implications) and downloads are available from:
http://gpgee.excelcia.org

	Kurt Fitzner
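
The passphrase handling described above (cached for a single verify/decrypt operation only, held in locked memory, overwritten afterwards), sketched as an added example. This is not GPGee's code: the `pass_cache` type and the `cache_*` and `wipe` functions are hypothetical names, and the block uses `VirtualLock` on Windows with an `mlock` fallback so it also builds elsewhere.

```c
/* Added example, not GPGee source; all names below are hypothetical. */
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#define LOCK_MEM(p, n)   (VirtualLock((p), (n)) != 0)
#define UNLOCK_MEM(p, n) VirtualUnlock((p), (n))
#else
#include <sys/mman.h>
#define LOCK_MEM(p, n)   (mlock((p), (n)) == 0)
#define UNLOCK_MEM(p, n) munlock((p), (n))
#endif

enum { MAX_KEYS = 8, KEYID_LEN = 17, PASS_LEN = 128 };
typedef struct {
    char keyid[MAX_KEYS][KEYID_LEN];   /* 16 hex digits + NUL */
    char pass[MAX_KEYS][PASS_LEN];
    int count, locked;                 /* locked == 0: pages may be swapped */
} pass_cache;
/* Overwrite through a volatile pointer so the stores cannot be optimised away. */
static void wipe(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}
/* Start of one verify/decrypt operation: allocate the cache and lock its pages. */
pass_cache *cache_begin(void) {
    pass_cache *c = calloc(1, sizeof *c);
    if (c) c->locked = LOCK_MEM(c, sizeof *c);
    return c;
}
/* Cached passphrase for keyid, or NULL if the user has to be asked. */
const char *cache_get(const pass_cache *c, const char *keyid) {
    for (int i = 0; i < c->count; i++)
        if (strcmp(c->keyid[i], keyid) == 0) return c->pass[i];
    return NULL;
}
/* Remember a passphrase for the rest of this operation; -1 if it does not fit. */
int cache_put(pass_cache *c, const char *keyid, const char *pass) {
    if (c->count >= MAX_KEYS || strlen(keyid) >= KEYID_LEN || strlen(pass) >= PASS_LEN)
        return -1;
    strcpy(c->keyid[c->count], keyid);
    strcpy(c->pass[c->count++], pass);
    return 0;
}
/* End of the operation: wipe while still locked, then unlock and free. */
void cache_end(pass_cache *c) {
    int was_locked = c->locked;
    wipe(c, sizeof *c);
    if (was_locked) UNLOCK_MEM(c, sizeof *c);
    free(c);
}
```

A caller that finds `locked` set to 0 after `cache_begin` can decide whether to continue, since the lock can fail when the process's locked-memory quota is exhausted.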