Confirmation for cached passphrases useful?

Faramir faramir.cl at gmail.com
Mon Oct 18 02:37:47 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 15-10-2010 14:31, Doug Barton escribió:
> On 10/15/2010 9:23 AM, Werner Koch wrote:
>> Nevertheless, the confirmation prompt for a cached passphrase is not
>> entirely unfounded
...
> The other problem with the confirmation proposal is that (unless I'm
> missing something really dramatic) the intersection between plausible
> attack vectors and vulnerabilities that confirmation would actually fix
> seems so small that it does not justify even the coding/QA time to
> develop the feature, never mind the inconvenience to the user.

  I guess as long as it can be disabled by people thinking it is
useless/too annoying, it won't cause problems...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJMu5bbAAoJEMV4f6PvczxAiOEIAI0JBQ47kWOjw6tnidtBDgQJ
FmLo/Xo9sxrKVq2JhxQPtYn1zlswZiYOZubCR070Yz9mO8Bx4CbkuwAS/XbsfFav
ciUuoB5cwh+Vkhj+U4S2KWO5NCdEhTYmrgNZ9ZR66WH6qygHHt2DkPjCxmWXMALW
OKvO52LXrjCnF+I+DtY2nfBjepYGjQatAntitzUTORz33Ggq/Q2I5UmGB8DEu1q2
ezmK9Zf8q5xMMx9Vwgt7ZN/Y9bF/VUVdGg7Y9Px4e/KbCSVTbHShlMpN8M+rthD/
iLNFnA2YK8ZBJqnbuEGvzyjx/NaJUHRryGIxZZTKJvn6Hmr9xgVcOCnUDXqkpkM=
=7+qH
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list