A safe text editor
Milo
gnupg at oneiroi.net
Sun Sep 9 21:06:23 CEST 2012
Peter.
On 09/09/2012 08:39 PM, Peter Lebbing wrote:
> On 09/09/12 13:12, Milo wrote:
>> Also there are vim scrips allowing some level of integration with gnupg.
>
> Personally, I'd have more faith in a text editor that was written ground-up with
> security in mind. If you take a full-fledged editor that was never intended to
> hide the contents, and then bolt on the security with some scripts, it's quite
> likely you're missing some way in which it is leaking your data.
>
> On the other hand, you have to consider your threat model. It could be enough.
> But I wouldn't be surprised if that nephew of yours who's good with computers
> got hold of one of your passwords, greps your whole hard disk for that password,
> and thus uncovers some temp file or swap page with all your passwords neatly
> arranged around that one password he knew.
>
> By the way, I don't suspect vim scripts can lock memory pages, so it could
> indeed very well be a swapped out memory page that will match the grep expression...
>
> HTH,
>
> Peter.
>
I'm not sure what you are trying to say/prove by polemics with things I
didn't wrote. I won't speculate about your faith in editors, your threat
model, and probably there is no real point for you to speculate about my
(possible) family and my hard drive data arrangement.
--
Cheers,
Milo
More information about the Gnupg-users
mailing list