A safe text editor
Marco Steinacher
marco+gnupg at websource.ch
Sun Sep 9 23:29:44 CEST 2012
Am 09.09.2012 20:39, schrieb Peter Lebbing:
> On 09/09/12 13:12, Milo wrote:
>> Also there are vim scrips allowing some level of integration with gnupg.
>
> Personally, I'd have more faith in a text editor that was written ground-up with
> security in mind. If you take a full-fledged editor that was never intended to
> hide the contents, and then bolt on the security with some scripts, it's quite
> likely you're missing some way in which it is leaking your data.
Isnt't that the problem with almost any data? At some point you have to
decrypt it to edit or view it with some application. Be it an email
message, a text file, a picture, or a PDF file. And during this process
decrypted data will be stored temporarily in memory or on the disk. I
think demanding all allplications to be aware of this and to handle it
securely is quite a strong requirement, although somehow reasonable.
(And as always, it depends on your threat model of course.)
I don't know, for example, how it is done in the Enigmail plugin. Does
it prevent Thunderbird to write unecrypted data to memory that could end
up in a swap file?
Marco
More information about the Gnupg-users
mailing list