Frontends for Windows
Ingo Klöcker
ingo.kloecker@epost.de
Sun Nov 18 20:08:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 18 November 2001 18:08, Silviu Cojocaru wrote:
> Sunday, November 18, 2001 at 7:06:03 PM ,
> Ingo Klöcker wrote the following
> on the "Frontends for Windows" thread:
>
> IK> Does it ask you for your passphrase?
>
> IK> As I don't know this program I really don't know the answer to
> this IK> question. But if the answer is yes then how can you be sure
> the program IK> doesn't leak the passphrase somehow, be it
> intentional (because of IK> malicious code) or unintentional (because
> of buggy code).
>
> How can you be sure that the front end is really the *only* to
> get your password anyway ?
>
> It as the same chance as any other soft to catch it. Input can
> be captured in multiple way,the front end does not need to leak,
> I don't see this as an issue.
Maybe you should.
Of course there are many ways to catch a passphrase (on Windows systems
it's probably much easier than on Unix systems). But why shouldn't I
try to minimize the risk by not using any software which I can't check
due to the lack of it's source code?
BTW, I doubt that GPGshell is a trojan horse. But unfortunately I can't
be sure and that's why I would never use it.
Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7+AayGnR+RTDgudgRAnzNAKCF5P+eeqCBiLPVh5yCLv+wBvqKZACeJZHM
vNavfeqIxnPj+cfY6xs/uks=
=7I55
-----END PGP SIGNATURE-----