Confirmation for cached passphrases useful?
faramir.cl at gmail.com
Mon Oct 18 02:43:39 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
El 15-10-2010 14:42, Robert J. Hansen escribió:
> On 10/15/10 1:31 PM, Doug Barton wrote:
>> The other problem with the confirmation proposal is that ... the
>> intersection between plausible attack vectors and vulnerabilities
>> that [this proposal] would actually fix seems [very] small.
> I seem to recall saying something similar to this a few days ago. :)
> I'll go one step further: so far I haven't seen anyone present a
> plausible intersection. I've seen some hypothetical intersections, but
> none that I think are plausible.
> This seems like a nonsolution to a nonproblem.
That may be true. However, remember feeling secure is part of security
too, so if that feature doesn't break anything, and make people sleep
And if one day the user finds it has been disabled somehow, the user
might become aware of some malware in the machine...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users