Confirmation for cached passphrases useful?
faramir.cl at gmail.com
Mon Oct 18 05:28:51 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
El 17-10-2010 22:09, Doug Barton escribió:
> On 10/17/2010 5:43 PM, Faramir wrote:
> | That may be true. However, remember feeling secure is part of security
> | too, so if that feature doesn't break anything, and make people sleep
> | better...
> Two problems with that theory. The first is that a false sense of
> security does more harm than good. The second is that there is no such
> thing as a zero-cost change to software. So any proposed change has to
> have benefits that outweigh the costs. Of course accurately anticipating
> those costs is a whole different category of problems. :)
Right, I agree, we don't want those stones that keeps tigers away. But
as long as people know the feature may be ignored by malware, it
wouldn't be false sense of security, maybe it would be the solution
against false sense of insecurity (if such thing exist).
Also, I was not saying anything about costs of adding the feature, so
my message should have said: "if there is a developer willing to add it,
and it doesn't break anything, and it can be disabled by user, I'm ok
with it". Please note I'm not requesting that feature, I just said I
would not oppose to it's addition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users