Confirmation for cached passphrases useful?
Faramir
faramir.cl at gmail.com
Mon Oct 18 02:43:39 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
El 15-10-2010 14:42, Robert J. Hansen escribió:
> On 10/15/10 1:31 PM, Doug Barton wrote:
>> The other problem with the confirmation proposal is that ... the
>> intersection between plausible attack vectors and vulnerabilities
>> that [this proposal] would actually fix seems [very] small.
>
> I seem to recall saying something similar to this a few days ago. :)
>
> I'll go one step further: so far I haven't seen anyone present a
> plausible intersection. I've seen some hypothetical intersections, but
> none that I think are plausible.
>
> This seems like a nonsolution to a nonproblem.
That may be true. However, remember feeling secure is part of security
too, so if that feature doesn't break anything, and make people sleep
better...
And if one day the user finds it has been disabled somehow, the user
might become aware of some malware in the machine...
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJMu5g7AAoJEMV4f6PvczxAdlwH/3wG+1xLsSJmuTL7vBzUuZGl
5uZq2Rm2Jvm9+Wzydrm8PBAPs5tctDmZRRE3rp4Nvc3rohvi25HDHTTJt6y5FMjp
TNrSPhUMJHviY4dGpISGdWymslGJDHyVMt7N19XW+1LTdVxwuUP4a0rEPdsPqONY
potHSz2fttIOlYqIFbjwInxeKf91G9Mh9I51qGgh54icwPjjN/hH/Bfpg1dz7ykE
hFMQAGR6x1m91Vkm19LCLkDrbZyfmvLDc9kkmGS7IQ1L8PoBmRg4zHty2B6jQ7E+
wH/7x/Ay0ye6lItCSTFvk02wWEiu2GFcnC9OVPELcLpGY1Ozx+QDzQXhad2IAkI=
=Fio8
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list