A safe text editor

Peter Lebbing peter at digitalbrains.com
Sun Sep 9 20:39:55 CEST 2012


On 09/09/12 13:12, Milo wrote:
> Also there are vim scrips allowing some level of integration with gnupg.

Personally, I'd have more faith in a text editor that was written ground-up with
security in mind. If you take a full-fledged editor that was never intended to
hide the contents, and then bolt on the security with some scripts, it's quite
likely you're missing some way in which it is leaking your data.

On the other hand, you have to consider your threat model. It could be enough.
But I wouldn't be surprised if that nephew of yours who's good with computers
got hold of one of your passwords, greps your whole hard disk for that password,
and thus uncovers some temp file or swap page with all your passwords neatly
arranged around that one password he knew.

By the way, I don't suspect vim scripts can lock memory pages, so it could
indeed very well be a swapped out memory page that will match the grep expression...

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



More information about the Gnupg-users mailing list