GPG problem Urgent please
Atom 'Smasher'
atom-gpg at suspicious.org
Tue Dec 23 23:42:49 CET 2003
> > echo 'password' | gpg --passphrase-fd 0 --decrypt a.gpg
> >
> > this is horribly insecure.
>
> If you use bash (and probably, most of other shells) it is secure,
> because echo is shell built-in, and is not run as separate process, so
> you can't see the password in process arguments.
>
> And you can tune shells to discard saving such commands in history.
===========================
although that is a concern, the greater risk is that this requires the
password to be stored in a shell-script, as plaint-text.
...atom
_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"IDEA's key length is 128 bits - over twice as long as DES.
Assuming that a brute force attack is the most efficient,
it would require 2^128 (10^38) encryptions to recover the
key. Design a chip that can test a billion keys per
second an throw a billion of the them at the problem,
and it will still take 10^13 years - that's longer than
the age of the universe. An array of 10^24 such chips can
find the key in a day, but there aren't enough silicon
atoms in the universe to build such a machine. Now we're
getting somewhere - although I'd keep my eye on the dark
matter debate."
-- Bruce Schneier, Applied Cryptography
More information about the Gnupg-users
mailing list