[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Sascha Wilde
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 19 Sep 2006 12:02:17 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Richard Stallman <address@hidden> wrote:

>     The right solution might instead be to push for gpg-agent to be
>     production ready, so that entire notion of emacs dealing with
>     passphrases can be deprecated.
> What's the state of work on this?

Apart from the general problems with gpg-agent/pinentry (it seems
gpg-agent is optimized for use with card readers) the use of gpg-agent
is integrated and documented in the current PGG from CVS Emacs as well
as in the current released version of gnus.

Non the less Miles is right, that there are known issues when using
pinentry, and gpg-agent is not yet part of the stable gnupg releases.

So I would say that deprecating input of key passphrases into Emacs is
not an option yet.

Finlay I do agree that the current handling of passphrases in Emacs is
a serious security problem, which should be solved.

Sascha Wilde 
- no sig today... sorry!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]