Confirmation for cached passphrases useful?
MFPA
expires2010 at ymail.com
Thu Oct 14 01:02:41 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Tuesday 12 October 2010 at 4:05:45 AM, in
<mid:4CB3D089.3010909 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:
> re-entering the passphrase each time is significantly
> more annoying than confirming its use in a reasonable
> context. (and re-entering the passphrase every time
> the secret is used is less secure than a simple
> confirmation prompt, since it trains the user to type
> their passphrase over and over again)
The user can type their password once per session into a text file and
paste it every time it is requested. This reduces the annoyance factor
and does not train the user to constantly re-type the passphrase.
- --
Best regards
MFPA mailto:expires2010 at ymail.com
Don't talk unless you can improve on the silence
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTLY6qKipC46tDG5pAQo3wAP+Ib5WaZw6IGAiLkOCZFCXgZd0NJv2j+Qo
4ipPkPwdl+MjhnQG5iVMyc0IzFpJ5JJmK0y1pgwiSoRvZTh6mFy3U8af/YG+OIvE
cu9x4xLw7yaulurvQ8b1r27L2IQIM8/OQQAgN/UapLuLaIzj//ZhRm8GxYA3uZ2J
oSPTWL70TLw=
=Y292
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list