GnuPG asks for confirmation...

markus reichelt ml at mareichelt.de
Fri Jun 2 16:26:31 CEST 2006


* Laurent Jumet <laurent.jumet at skynet.be> wrote:

> > Many mail clients will assume that any GPG message is encrypted and
> > prompt for a passphrase prior to invoking GPG.
> 
>     Are you sure?
>     Security wouldn't be compromised if passphrase is given to anything else 
> then gpg?

F.e. mutt itself asks for a passphrase and passes it on to gpg. It's
a normal thing for email clients to do, as with frontends for gpg as
well.

In case an attacker replaces the gpg binary with a wrapper... well,
security is compromised the moment when an attacker gains system
access anyway.

Btw, good to see GoldEd still floating around. How's fidonet?

-- 
2:2433/480
Sorry to the people I drove nuts back then, hehe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20060602/66d3a0df/attachment.pgp


More information about the Gnupg-users mailing list