Confirmation for cached passphrases useful?

Chris Knadle Chris.Knadle at coredump.us
Fri Oct 15 05:21:28 CEST 2010


On Thu, October 14, 2010 4:54 pm, Daniel Kahn Gillmor wrote:
> On 10/14/2010 04:31 PM, Grant Olson wrote:
>> But ultimately once you start trying to fix the problem by offloading
>> the checks to special hardware, you might as well just key a smart card
>> reader with an integrated keypad.  Then you can use a simple pin.  Not
>> quite as convenient as hitting Y/N, but way more convenient than a
>> really strong password.
>
> Yes, that'd be nice, if that hardware is available and convenient for
> the user.
>
> But far more people have access to a laptop with system-handled ACPI key
> combinations than have access to card readers with integrated keypads.

This reminds me of the Yubikey, which is a one-button USB stick that
registers as a keyboard, and "types" your password when you press the
button on it.  In other words, you don't necessarily need there to be a
/physical/ keypad for a device to act like it has a "keyboard".

IIRC this wasn't the particular use case meant for the Yubikey though -- I
think it was meant to be used in combination with online sites.  There
might be a similar device meant for GPG... or one could be made if it
doesn't exist yet.

Anything beats copying a password to a plaintext file, which is insane.
Seems to beg a Spaceballs quote: "12345?  I've got the same password on my
luggage!  Oh... and change the password on my luggage."

...
> Back to the original point: a confirmation prompt for the agent has the
> potential to be useful in many cases, particularly with the agent model
> described for the upcoming gnupg 2.1, and to a lesser extent with
> earlier versions of the agent protocol.  I'm not denying that there are
> other approaches which might solve the same problem, but there are
> tradeoffs to all of them which may not be suitable for any particular
> user.
>
> I remain perplexed at the opposition this reasonable feature proposal
> has received.

I think it reminds some people of an "Are you sure?" prompt.  I realize
that's not exactly meant to be what this is for, of course, but that might
ultimately be what it "feels like" unless there's another outward purpose
for the prompt.

Now, that said, I'll just say I'm not against adding it if there's a
particular security case deemed worth defending.

   -- Chris

--

Chris Knadle
Chris.Knadle at coredump.us




More information about the Gnupg-users mailing list