Confirmation for cached passphrases useful?

Faramir faramir.cl at gmail.com
Mon Oct 18 05:28:51 CEST 2010


On 17-10-2010 22:09, Doug Barton wrote:
> On 10/17/2010 5:43 PM, Faramir wrote:
> |
> |    That may be true. However, remember feeling secure is part of security
> | too, so if that feature doesn't break anything, and makes people sleep
> | better...
> 
> Two problems with that theory. The first is that a false sense of
> security does more harm than good. The second is that there is no such
> thing as a zero-cost change to software. So any proposed change has to
> have benefits that outweigh the costs. Of course accurately anticipating
> those costs is a whole different category of problems. :)

  Right, I agree, we don't want those stones that keep tigers away. But
as long as people know the feature may be ignored by malware, it
wouldn't be a false sense of security, maybe it would be the solution
against a false sense of insecurity (if such a thing exists).

  Also, I was not saying anything about the costs of adding the feature, so
my message should have said: "if there is a developer willing to add it,
and it doesn't break anything, and it can be disabled by the user, I'm ok
with it". Please note I'm not requesting that feature, I just said I
would not oppose its addition.

  Best Regards


