On 2009-04-08 00:17 +0200, H.S. wrote: > Douglas A. Tutty wrote: >> On Tue, Apr 07, 2009 at 05:46:31PM -0400, H.S. wrote: >>> Douglas A. Tutty wrote: >>>> Where does it hold the decrypted data? Does it stay in RAM, does it get >>>> swapped, does it go to a scratch file? >>> This might help: >>> http://www.easypg.org/ >> >> yea, it looks like it can leak info.
Note that this page actually says that easypg correctly deals with the potential problem of leaking the passphrase. > I am just starting to play around with the two tools (gnupg.vim and > easypg). You appear to already know about vim and have pointed out a > possible problem with easypg. Does this problem not exist in the vim plugin? There are actually two problems that have to be dealt with: - leaking out the passphrase to disk - leaking out an unencrypted copy of the data you're editing. Obviously, the first problem is the more severe one, and easypg avoids it. The second one is hard to avoid since the editor process is subject to being swapped out to disk or leaving behind core files. Basically editing sensitive data on a machine you don't control should be avoided if possible. Note that both easypg and gnupg.vim avoid leaking unencrypted data to disk files (easypg disables auto-saving, gnupg.vim the swapfile). Sven -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
