Confirmation for cached passphrases useful?

Doug Barton dougb at
Fri Oct 15 19:31:04 CEST 2010

On 10/15/2010 9:23 AM, Werner Koch wrote:
> Nevertheless, the confirmation prompt for a cached passphrase is not
> entirely unfounded

I've really been biting my tongue on this thread because it seemed like 
the right people were saying the right things already, but you're making 
me nervous now Werner. :)

The right solution to the concern expressed is to keep the time for 
gpg-agent to cache the pass phrase down to a reasonable level, where 
"reasonable" may mean different things in different environments. I 
don't remember what the default is, but I do recall thinking when I 
first installed -agent that it seemed sufficiently short to protect new 
users from themselves; but too short for my tastes, so I fixed it. :)

The other problem with the confirmation proposal is that (unless I'm 
missing something really dramatic) the intersection between plausible 
attack vectors and vulnerabilities that confirmation would actually fix 
seems so small that it does not justify even the coding/QA time to 
develop the feature, never mind the inconvenience to the user.




Breadth of IT experience, and    |   Nothin' ever doesn't change,
depth of knowledge in the DNS.   |   but nothin' changes much.
Yours for the right price.  :)   |		-- OK Go

More information about the Gnupg-users mailing list