Confirmation for cached passphrases useful?
sascha-ml-reply-to-2010-3 at silbe.org
Thu Oct 14 20:03:25 CEST 2010
Excerpts from Robert J. Hansen's message of Tue Oct 12 15:25:50 +0200 2010:
> These two attack modes (root and user access) cover the overwhelming
> majority of instances today, so already this hypothetical attack is an
That most mainstream systems are painfully easy to attack doesn't imply
we should stop trying to make systems more secure.
One instance where the proposed mechanism (in conjunction with the new
version of gpg-agent that will handle the secret keys itself) would be
both useful and secure is Sugar  in combination with Rainbow .
Depending on who you believe, there are currently some hundred thousand
to over a million systems currently running this combination (on OLPC 
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: not available
More information about the Gnupg-users