How easy would it be to create (and prevent the creation of) a fake pinentry?
Olivier Mehani
shtrom at ssji.net
Thu Apr 30 01:13:42 CEST 2009
On Wed, Apr 29, 2009 at 04:40:47PM +0300, Peter Pentchev wrote:
> > The pinentry should only pop up when the application actually needs the key do
> > do something. If pinentry pops up without you doing someting that requires
> > your secret key, you should be worried.
> ...like, for example, your OpenPGP-powered Jabber client suddenly
> needing to reconnect after something happened to the network and
> you simply didn't notice? :>
That's exactly what I'm talking about. (:
--
Olivier Mehani <shtrom at ssji.net>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/attachments/20090430/aa06533a/attachment.pgp>
More information about the Gnupg-users
mailing list