[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] straw poll: do you ever turn persist_passphrase_ok off?

From: Zack Weinberg
Subject: [Monotone-devel] straw poll: do you ever turn persist_passphrase_ok off?
Date: Fri, 1 Feb 2008 14:42:24 -0500

Has anyone ever turned persist_passphrase_ok off, and if so, when and why?

Considering that turning it off means 'mtn commit' will prompt for
your passphrase five times (assuming you type it correctly each time),
which is *terrible* UI, and also that the auto-ssh-agent code ignores
the hook AFAICT, so your decrypted key may still wind up cached in
some process's memory even if you disabled the internal-to-monotone
persistence - I'm seriously considering junking it altogether (on
.experiment.encapsulation, but I hope to be done with that and merge
it Real Soon).

(Also, I'm at a loss to see what threat disabling it defends against.
Note that the passphrase itself is not cached; only the decrypted key,
and that in botan's SecureVectors (which are not actually secure
against drive-process-to-swap attacks as presently configured, but


reply via email to

[Prev in Thread] Current Thread [Next in Thread]