Confirmation for cached passphrases useful?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Oct 12 04:20:39 CEST 2010
On 10/11/2010 9:25 PM, Hauke Laging wrote:
> I just had the idea that it might be a good countermeasure against
> malicious software not to use a cached passphrase without any user
> interaction (and thus without user notice).
The most obvious way I see to circumvent this involves throwing a
trampoline on the UI library and bypassing this code entirely. It's a
two-hour hack, assuming you already have root access to the system. It
might make users *feel* more secure, but it doesn't actually help
overall system security -- IMO, at least. YMMV.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5598 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20101011/2df9cabd/attachment.bin>
More information about the Gnupg-users
mailing list