* Thomas Roessler ([EMAIL PROTECTED]) [000328 14:57]:
> > Perhaps another solution would be to have a separate
> > suid program that remembers the passphrase and
> > communicates somehow with the mutt process ...
>
> This would be useless, since mutt would have to store that
> communication somewhere. Thus, the problem would bite
> itself into the tail.

You could argue that this is not quite the issue. Temporarily storing the key
in mutt would be less of a problem, as it won't be swapped out when it's in
use, thus passing the passphrase to the setuid thing, then wiping memory as
soon as you're done, would actually work.

That said, I'm not sure it's the best solution, as it adds a whole bunch of
hair to everything, and so does running mutt setuid, so I'm not sure about
that either.

To jump right down to the bottom line: if somebody steals your laptop or
whatever, you should revoke the key at once, and thus this whole thing might
be a non-issue. I'd still like to see this fixed tho.

Another bad idea is to use a two-stage thing. You encrypt the passphrase in
memory with a smaller passphrase, which you use to quicker unlock the bigger
passphrase when needed. Really insane tho :)

Terje
--
Tuj uh yaau fudj å buiu qdthu fuhieduhi ahofjuhju cubtydwuh.
Uh yaau tujju qbj tuj rulyiuj tk jhudwuh veh å yddiu qj cqd cå rhkau
ijuhauhu shofje?
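
The hand-off-then-wipe idea from the reply above, as an added example that is not part of the original message or of mutt's code. It assumes a pipe as the channel to the helper; `handoff_and_wipe`, `secure_wipe` and `demo_roundtrip` are hypothetical names, and the sample passphrase is constructed.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Send buf[0..len) to the helper on fd, then wipe all cap bytes of buf.
 * buf is wiped even if the write fails. Returns 0 on success, -1 on error. */
int handoff_and_wipe(int fd, char *buf, size_t len, size_t cap)
{
    int rc = 0;
    size_t off = 0;
    while (off < len) {
        ssize_t w = write(fd, buf + off, len - off);
        if (w <= 0) { rc = -1; break; }
        off += (size_t)w;
    }
    secure_wipe(buf, cap);
    return rc;
}

/* Constructed round trip: a pipe stands in for the channel to the helper.
 * Returns 0 if the helper side got the passphrase and our copy is all zero. */
int demo_roundtrip(void)
{
    static char pass[256];
    static const char sample[] = "constructed-sample-passphrase";
    char got[256] = {0};
    int fds[2], ok;
    size_t i, len = sizeof sample - 1;

    if (pipe(fds) != 0) return -1;
    (void)mlock(pass, sizeof pass);   /* best effort: may fail unprivileged */
    memcpy(pass, sample, len);
    ok = handoff_and_wipe(fds[1], pass, len, sizeof pass) == 0
         && read(fds[0], got, sizeof got) == (ssize_t)len
         && memcmp(got, sample, len) == 0;
    for (i = 0; i < sizeof pass; i++)
        if (pass[i] != 0) ok = 0;
    munlock(pass, sizeof pass);
    secure_wipe(got, sizeof got);
    close(fds[0]); close(fds[1]);
    return ok ? 0 : -1;
}
```

Between the write and the helper's read, the passphrase sits in the kernel's pipe buffer, which is the "stored somewhere" concern raised in the quoted text.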