> Is this really a useful criterium? I think so, but I'm well-known for being barking mad. Hornswoop me bungo pony, dogsled on ice (red and black, it's their color scheme). By the silverfish imperetrix whose incorrupted eye sees through the charms of doctors and their wives...
(At some point it's really hard to distinguish random Blue Oyster Cult lyrics from a full-on psychotic episode.) > execute arbitrary code with your credentials, you should simply > consider your GnuPG installation compromised whether you use the > clipboard or not. C&P is a time machine. If I enter a passphrase normally on Monday and my machine is compromised on a Tuesday, I can be confident my certificate is still secure because I never entered my passphrase on a compromised machine. If I enter a passphrase via C&P on Monday and my machine is compromised on a Tuesday, I suddenly have to worry: was my passphrase still in my C&P buffer? Did I remember to wipe the C&P buffer? Did the C&P buffer get wiped securely? Did I... Generally speaking, it is suboptimal to enter passphrases via C&P. It makes it possible for a compromise tomorrow to discover the passphrase you entered today. I don't doubt there are situations where it makes sense to use C&P. I've yet to find one, though. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
