Confirmation for cached passphrases useful?

Larry Brower larry-lists at maxqe.com
Tue Oct 12 03:56:14 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hauke Laging wrote:
> Hello,
> 
> I just had the idea that it might be a good countermeasure against malicious 
> software not to use a cached passphrase without any user interaction (and thus 
> without user notice). A good compromise would be to open a dialog which does 
> not ask for the passphrase but just for the confirmation that it's OK to use 
> the passphrase. The dialog could mention the process accessing gpg-agent.
> 
> 
> CU
> 
> Hauke
> 

This seems like something that would get really annoying really
quickly. Why not just change settings to not cache the passphrase if
you do not like using it this way ?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMs8A+AAoJEPXCUD/44PWqVHUP/i2jbdt/AsYx2IlrrNqMdtjw
8lnxlUTeOfM11vOHD1CWctJsUH1LyhihKmf+0WZZRSv7k3S1vkVcIPD6zRmee4IS
AI+3wvtlGdsF/+BlMeelCMMdaU8ys4OB4YbfQdaftAsBsO3IqZ32K1VLkMcje6Wd
YdREF/dDEzD41tJ/oQLwxW8Ek9IBTUDrA7p1HdCuzf5YfqdDF0eLvTaGXCK6mO7e
RJeSLlelQs7kgTq1KEvOAMGgpF8vye8soLN3aJcxkZnjp991Eeus6ZIhxdYRoXIz
o7sPTf8ejctUrgGrW00hVUoUMhCdKN+ELx4Ux0fIgDGzMVItYRDXrAnbTeuZ2z3x
/3gBAQbAQWWvFXQZ6CQT3uNJQVtOmTwber8DjSaSRsRxNsQbh15SeOIHEGgI73wk
xEfvoL7iirMOcVmjndGc6063nUPvhJyotvefafrOKbL3vae7C8480x1kc0uhB2Ry
U9daKonVyCPGyqAhqem1oYpPjjD2aUuyDzLM4y7t0yfKAwEqjL+vQogGfilyKYhy
U+g/OybkgQLckG5RgnEcqzlIcSWPdnl6eIxc/YF8EMxYpcXrZhXMrGkk8fDVC36R
3TM/siVhttdo7v9ekFxT3eOF/6vsKoASpP1Vz4aZXpSQ8a3/WRW5eDyQ6li4goKH
Ub+vZOmMc14HvzSAlBpt
=+JVD
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list