GPG problem Urgent please

Atom 'Smasher' atom-gpg at suspicious.org
Tue Dec 23 23:42:49 CET 2003


> > echo 'password' | gpg  --passphrase-fd 0  --decrypt a.gpg
> >
> > this is horribly insecure.
>
> If you use bash (and probably, most of other shells) it is secure,
> because echo is shell built-in, and is not run as separate process, so
> you can't see the password in process arguments.
>
> And you can tune shells to discard saving such commands in history.
===========================

although that is a concern, the greater risk is that this requires the
password to be stored in a shell-script, as plain-text.


 	...atom

 _______________________________________________
 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"IDEA's key length is 128 bits - over twice as long as DES.
	 Assuming that a brute force attack is the most efficient,
	 it would require 2^128 (10^38) encryptions to recover the
	 key. Design a chip that can test a billion keys per
	 second and throw a billion of them at the problem,
	 and it will still take 10^13 years - that's longer than
	 the age of the universe. An array of 10^24 such chips can
	 find the key in a day, but there aren't enough silicon
	 atoms in the universe to build such a machine. Now we're
	 getting somewhere - although I'd keep my eye on the dark
	 matter debate."
		-- Bruce Schneier, Applied Cryptography
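
Added example, not part of the original post: one way to act on the concern in the reply above, by keeping the passphrase out of the script text and handing it to gpg on its own descriptor from an owner-only file. The function names and the passphrase-file arrangement are assumptions; the file is still plaintext at rest, it is just no longer embedded in the script.

```shell
#!/usr/bin/env bash
# Added example (constructed). Function names and the idea of a separate
# passphrase file are assumptions, not something the thread prescribes.

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
passfile_is_private() {
    local f=$1 perms
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits,
    # e.g. "-rw-------" gives "------".
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Return 0 if script $1 embeds a passphrase the way the thread shows
# (echo '...' | gpg ... --passphrase-fd) or as a literal --passphrase argument.
script_embeds_passphrase() {
    grep -Eq -- "echo[[:space:]].*\|[[:space:]]*gpg.*--passphrase-fd|--passphrase[[:space:]=]" "$1"
}

# Decrypt $2 with the passphrase stored in file $1, passed on descriptor 3
# so stdin stays free and nothing secret appears in the script or in argv.
decrypt_with_passfile() {
    local passfile=$1 input=$2
    if ! passfile_is_private "$passfile"; then
        echo "refusing: $passfile is missing, a symlink, or readable by others" >&2
        return 2
    fi
    # GnuPG 2.1+ needs --pinentry-mode loopback for --passphrase-fd to be
    # honoured; GnuPG 1.x (current when this thread was written) does not.
    gpg --batch --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt "$input" 3<"$passfile"
}
```

`script_embeds_passphrase` can be run over existing scripts to find the pattern quoted at the top of the thread before migrating them.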



