[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fix needed for communication with gpg-agent

From: Werner Koch
Subject: Re: Fix needed for communication with gpg-agent
Date: Mon, 26 Feb 2007 11:27:03 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6)

On Mon, 26 Feb 2007 04:27, address@hidden said:

> If so, does turning off caching prevent THAT problem?

Not really.  If someone is able to enter commands in Emacs, he will
also be able to read the memory of all user processes and thus find
cached passphrases.  Or he might install a key logger or a trojan or
read confidential documents directly.

The passphrase is in fact a last line of defense.  If someone can copy
the secret key he will often be able to figure out the passphrase
anyway (social engineering or dictionary attacks).

> If it does, should we document this?  Or turn off caching by default?
> Or what?

Explain that one should not leave a terminal alone and that zeroing
out swap partitions before selling a box is suggested.  Without
caching of passphrases, using crypto is to troublesome.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]