noecho before prompt
Scott Worley
sworley at chkno.net
Fri Jul 8 21:48:16 CEST 2005
>>> "Enter passphrase:" is a contract with the user. It means, "It's
>>> safe to type now."
>>
>> Would you mind to elaborate on the problem and the proposes solution?
>
> Presumably the concern is that gpg may get scheduled out after showing
> the prompt, but before setting noecho, and that it may remain scheduled
> out for long enough for a user to type some characters, which the kernel
> dutifully echoes. Evil Eve happens to walk past, and sees that Alice's
> passphrase starts with "Bo", and suddenly it becomes feasible to crack
> her passphrase, and John (the password-cracking program, not another
> crypto actor! :) finds it in two months of CPU time instead of in 10
> years.
Also, consider the case where the user is not human. For example, expect
(the tcl tool) can respond very quickly to the prompt and responds with
the entire passphrase in one write().
One can argue that expect is not the ideal interface to gpg.
More information about the Gnupg-devel
mailing list