GnuPG Daemon?

[Werner Koch]

On Fri, 25 May 2001, clemensF wrote:

> in what way?  recovering the passphrase should be hard for root as well.

There 42 and more ways for root to do _everything_. 

What about attaching strace to a running gpg or replacing the gpg
binary with a version whichs logs passphrases or just tracing all
syscalls or pty dataflows.

> > * Could they make it dump core and rip the passphrase from that? If it
> > dumped core, the passphrase would be readily available.  In a perfect

Programs which handle sensitive information should disable core
dumps - this is pretty easo on most systems.

> a passphrase could be encrypted time-limited, the program could recrypt it
> from time to time, so it would not stay unencrypted in memory too long.

And where do you keep the key for this encryption ?!

ciao,

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus