Win32 passphrase proposal

Daryl Krauter dkrauter@getesuite.com
Wed Jul 25 19:11:01 2001



> > How true, but it really is no different than storing it
> > in some file and passing it via the commandline arg '--passphrase-fd'.
>
> AFAIK nobody is seriously advocating using it for that. This is just
> so that other programs can read the passphrase from the user and pass
> it directly to gpg in a hopefully secure fashion.

I should have stated this up front, but the only reason that I (or anyone else AFAIK) would use '--passphrase-fd' is for automation. As such, all of this is under the context of '--batch'.

> > or PASSPHRASE (as the string itself).
>
> The environment is insecure also.

This was talking about what the 'pgp' command line does. In no way was a level of security implied.

> > Perhaps a better scenario is for the passphrase to be stored in a 'mangled'
> > state so it would not be as easily figured out.
>
> Still gpg will have to have an automated way to figure it out from the
> mangle. So if gpg can figure it out, so can anyone else. You have
> gained nothing.

How true, but it would NOT be in its bare-bones state for nobody to have to do anything but look (like a neon sign). As was mentioned, "it would not be as easy".