On 9/26/05, Werner Koch <[EMAIL PROTECTED]> wrote:
> On Sun, 25 Sep 2005 00:43:44 +0200 (MET DST), Johan Wevers said:
>
> > echo password | gpg --passphrase-fd 0 --decrypt / --encrypt.
>
> > For some reasons I don't completely understand the GnuPG developers feel
> > this is less insecure than a normal commandline (you're certainly not the
> > first to ask this...).
>
> On a multi-user machine it is trivial to see the command line and even
> the environment of all users without the need of root privileges.
> Further the passphrase will be visible in the command line edit
> history.
>
it will show on ps and on your .bash_history and on casual
shoulder-surfing -- that's why it's insecure. plus it's not good
security practice typing in your passphrase in the open, readable form.
it's just as if you handed the world your secring and your key.

on the subject of piping, you might try to get a win32 port of unix's
echo command (echo.exe). win32's echo command sometimes has that ugly
\n attached and will mess up your passphrase. with unix's echo, you can
do an echo -n.

--
/nh
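
Added example, not part of the thread: a shell check of the two points discussed above, namely that a secret passed as an argument is readable in the process's argv while one written to the reader's stdin is not, and that echo sends one byte more than printf '%s'. It assumes Linux /proc; the `sh -c` consumer is a hypothetical stand-in for gpg and SECRET is a constructed sample value.

```shell
#!/bin/sh
# Added example (Linux /proc). SECRET is a constructed sample, not a real passphrase.
SECRET='constructed-sample-passphrase'

# Succeeds if SECRET appears in the argument vector of process $1,
# which is what ps shows to every local user.
argv_shows_secret() {
    tr '\000' ' ' < "/proc/$1/cmdline" | grep -qF -- "$SECRET"
}

# Stand-in consumer that receives the secret as a command-line argument.
# The trailing ':' keeps the shell from exec()ing sleep and replacing its argv.
secret_in_argv() {
    sh -c 'sleep 2; :' consumer "$SECRET" &
    pid=$!
    sleep 1                       # let the child finish exec() before inspecting it
    rc=0; argv_shows_secret "$pid" || rc=$?
    kill "$pid" 2>/dev/null || true; wait "$pid" 2>/dev/null || true
    return "$rc"
}

# Same consumer, but the secret arrives on its stdin (the --passphrase-fd 0 shape).
# printf is a shell builtin, so no separate process ever carries the secret in argv.
secret_on_stdin() {
    printf '%s' "$SECRET" | sh -c 'cat >/dev/null; sleep 2; :' &
    pid=$!
    sleep 1
    rc=0; argv_shows_secret "$pid" || rc=$?
    kill "$pid" 2>/dev/null || true; wait "$pid" 2>/dev/null || true
    return "$rc"
}

# Bytes a reader on the pipe receives from each producer.
bytes_from_echo()   { echo "$SECRET" | wc -c | tr -d ' '; }
bytes_from_printf() { printf '%s' "$SECRET" | wc -c | tr -d ' '; }

secret_in_argv  && echo "argument: passphrase readable in /proc/PID/cmdline"
secret_on_stdin || echo "stdin:    passphrase absent from /proc/PID/cmdline"
echo "echo sends $(bytes_from_echo) bytes, printf '%s' sends $(bytes_from_printf)"
```

A line typed at an interactive prompt still lands in the shell history whichever producer is used, so in scripts the secret is better read from a file descriptor that was never on a command line.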