GPG problem Urgent please
Ivan Boldyrev
boldyrev+nospam at cgitftp.uiggm.nsc.ru
Wed Dec 24 00:23:53 CET 2003
On 8600 day of my life atom-gpg at suspicious.org wrote:
>
> echo 'password' | gpg --passphrase-fd 0 --decrypt a.gpg
>
> this is horribly insecure.
If you use bash (and probably, most of other shells) it is secure,
because echo is shell built-in, and is not run as separate process, so
you can't see the password in process arguments.
And you can tune shells to discard saving such commands in history.
--
Ivan Boldyrev
| recursion, n:
| See recursion
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : /pipermail/attachments/20031224/a0d6a212/attachment.bin
More information about the Gnupg-users
mailing list