Confirmation for cached passphrases useful?

Hauke Laging mailinglisten at
Tue Oct 12 03:25:03 CEST 2010


I just had the idea that it might be a good countermeasure against malicious 
software not to use a cached passphrase without any user interaction (and thus 
without user notice). A good compromise would be to open a dialog which does 
not ask for the passphrase but just for the confirmation that it's OK to use 
the passphrase. The dialog could mention the process accessing gpg-agent.


PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101012/7014fa58/attachment.pgp>

More information about the Gnupg-users mailing list