A last word on --passphrase-fd

Alan Shutko ats@acm.org
21 Jan 2000 14:30:26 -0500

Chuck Robey <chuckr@picnic.mat.net> writes:

> Uhh. I'm not the crypto-whiz you are. I understand (I think) the DVD
> story. Can you tell me why needing crypto signatures on output of a cron
> job equates to the DVD story? No sarcasm here, I really don't know.
You don't quite have the equivalence. It's not needing crypto signatures on cron output. It's storing a decryption key where people can get at it. You want to have gpg sign things automatically, without any interaction, right? To do this, you think that you need to have a key protected by a passphrase, and that somehow (say, by getting it from a file), your cron job will give the passphrase to gpg. Werner's saying that's absolutely no more protection than having a key without a passphrase. What's protecting the file you keep your password in from being viewed? Probably, unix file permissions, difficulty in logging into the machine, etc. What's protecting a key without a passphrase from being stolen? Exactly the same thing. So you aren't losing any security by just getting rid of the passphrase. A passphrase normally provides protection for a key because if you get the key, you don't get the passphrase. It's in someone's head somewhere. If someone breaks into my computer and gets my secret keyring, they can't use it because they'd have to come to my cube and rough me up a bit. But if the passphrase is stored on the same machine as the key, there's nothing stopping them. The analogy to DVDs is that they have a Content Scrambling System (or whatever it's called)... but the key is stored on the DVD itself. That's why it's been broken. -- Alan Shutko <ats@acm.org> - In a variety of flavors! Old golfers never die, they just loose their BALLS