Confirmation for cached passphrases useful?
Hauke Laging
mailinglisten at hauke-laging.de
Tue Oct 12 03:25:03 CEST 2010
Hello,
I just had the idea that it might be a good countermeasure against malicious
software not to use a cached passphrase without any user interaction (and thus
without user notice). A good compromise would be to open a dialog which does
not ask for the passphrase but just for the confirmation that it's OK to use
the passphrase. The dialog could mention the process accessing gpg-agent.
CU
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101012/7014fa58/attachment.pgp>
More information about the Gnupg-users
mailing list