Confirmation for cached passphrases useful?
faramir.cl at gmail.com
Mon Oct 18 02:37:47 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 15-10-2010 14:31, Doug Barton wrote:
> On 10/15/2010 9:23 AM, Werner Koch wrote:
>> Nevertheless, the confirmation prompt for a cached passphrase is not
>> entirely unfounded
> The other problem with the confirmation proposal is that (unless I'm
> missing something really dramatic) the intersection between plausible
> attack vectors and vulnerabilities that confirmation would actually fix
> seems so small that it does not justify even the coding/QA time to
> develop the feature, never mind the inconvenience to the user.
I guess as long as it can be disabled by people thinking it is
useless/too annoying, it won't cause problems...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----