Confirmation for cached passphrases useful?

Sascha Silbe sascha-ml-reply-to-2010-3 at silbe.org
Thu Oct 14 20:03:25 CEST 2010


Excerpts from Robert J. Hansen's message of Tue Oct 12 15:25:50 +0200 2010:

> These two attack modes (root and user access) cover the overwhelming
> majority of instances today, so already this hypothetical attack is an
> exotic.

That most mainstream systems are painfully easy to attack doesn't imply
we should stop trying to make systems more secure.

One instance where the proposed mechanism (in conjunction with the new
version of gpg-agent that will handle the secret keys itself) would be
both useful and secure is Sugar [1] in combination with Rainbow [2].
Depending on who you believe, there are currently some hundred thousand
to over a million systems currently running this combination (on OLPC [3]
XO-1 [4]).

Sascha

[1] https://www.sugarlabs.org/
[2] http://wiki.laptop.org/go/Rainbow
[3] http://www.laptop.org/
[4] http://wiki.laptop.org/go/XO-1
--
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: </pipermail/attachments/20101014/ba67b13b/attachment.pgp>


More information about the Gnupg-users mailing list