Bug in GnuPG
Werner Koch
wk at gnupg.org
Wed Jan 11 16:40:09 CET 2006
On Wed, 11 Jan 2006 08:37:41 -0600, Joe Vender said:
> prompts until my hidden_recipient(session_key) is encountered. Also, many
> users will not be willing, or at least prefer not, to cache the passphrase
> due to security concerns. There must be a better way of handling this. It
Caching the passphrase for a few minutes is just fine. The passphrase
itself is mainly a protection against stolen disks or alike. Any key
logger will be able to log the passphrase and by entering it many
times over a day it will be even easier to figure out the passphrase.
I consider gpg-agent/pinentry-gtk on a local X-sever more secure than
the passphrase prompt of gpg.
> would first ask for my passphrase and then move through the
> hidden_recipient(session_key) list until it encountered the one that
> matched the right key to decrypt the message.
As already mentioned, there is no immediate list of public key
encrypted packages - they are processed one after the other without
any look-ahead.
I just checked the code and a possible way to implement it is be
queuing up the hidden publick key encrypted packets and process them
only after all other packets failed. However this is still a too
intrusive change for now.
It won't help the passphrase caching problem. The memory used for
for storing the unprotected secret keys (after the passphrase has been
presented) is a scare resource and thus we can't keep them them
unprotected for a logn time. It is even a design goal to keep secret
stuff as short as possible unprotected. gpg-agent/pinentry solves
this problem.
Salam-Shalom,
Werner
More information about the Gnupg-devel
mailing list