Win32 passphrase proposal

John Goerzen jgoerzen@complete.org
Wed Jul 25 18:31:01 2001


"Daryl Krauter" <dkrauter@getesuite.com> writes:


> How true, but it really is no different than storing it
> in some file and passing it via the commandline arg '--passphrase-fd'.
AFAIK nobody is seriously advocating using it for that. This is just so that other programs can read the passphrase from the user and pass it directly to gpg in a hopefully secure fashion.
> or PASSPHRASE (as the string itself).
The environment is insecure also.
> Perhaps a better scenario is for the passphrase to be stored in a 'mangled'
> state so it would not be as easily figured out.
Still gpg will have to have an automated way to figure it out from the mangle. So if gpg can figure it out, so can anyone else. You have gained nothing. -- John -- John Goerzen <jgoerzen@complete.org> www.complete.org #include <std_disclaimer.h> GnuPG key 0x8A1D9A1F from www.complete.org/key