On 10/11/2010 9:25 PM, Hauke Laging wrote: > I just had the idea that it might be a good countermeasure against > malicious software not to use a cached passphrase without any user > interaction (and thus without user notice).
The most obvious way I see to circumvent this involves throwing a trampoline on the UI library and bypassing this code entirely. It's a two-hour hack, assuming you already have root access to the system. It might make users *feel* more secure, but it doesn't actually help overall system security -- IMO, at least. YMMV.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
