* Thomas Roessler ([EMAIL PROTECTED]) [000330 13:27]:
> > I was thinking of something simpler: mutt spawns a suid
> > program called muttpgphelper, say, and gives the
> > passphrase to this program. When mutt wants to invoke
> > gnupg it sends a request down a pipe to muttpgphelper
> > which then invokes gnupg and gives the passphrase to
> > gnupg down another pipe.
> 
> I think a more interesting variant may be some kind of
> passphrase-agent which is directly contacted by gnupg, pgp
> & friends through some Unix domain socket.  I have even
> some code from a year or two ago....  However, this has
> two downsides:
> 
> (1) mutt still has to temporarily store the pass phrase or
>     parts thereof in insecure memory

No. You can always allow the gnupgd thing to grab the keyboard and get the
data itself.

But this is really a non-issue, as what we're trying to avoid here is the
thing getting swapped out, which it won't be when you keep sending chars to
the application.

> (2) same with most versions of PGP - remember, most don't
>     run setuid root.

Keep in mind that most PGP apps don't keep the passphrase in memory for ages.

> (3) this approach requires modifications to all PGP
>     back-ends used.

It does? Why?

> Frankly, I really don't believe one should expect highest
> security from low-security devices.  If you really care,
> don't use a pass phrase, and software crypto, but use a
> smart card with biometric user authentication for all the
> public-key crypto.

Smart cards get broken.

Anyways, I do get your point, but mine is simply that while we cannot get
perfect security, why not improve on at least the things that are easy to
attack?

Terje Elde
-- 
Tuj uh yaau fudj å buiu qdthu fuhieduhi ahofjuhju cubtydwuh.
Uh yaau tujju qbj tuj rulyiuj tk jhudwuh veh å yddiu qj cqd cå rhkau
ijuhauhu shofje?
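
The swap concern raised in this thread (a passphrase sitting in "insecure memory"), as an added example in C that is not code from mutt, GnuPG or any poster: it pins the buffer with mlock() and wipes it before release. The names `secret_t`, `secret_alloc`, `secret_wipe` and `secret_free` are hypothetical, and the passphrase is a constructed sample.

```c
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
typedef struct {
    char  *buf;    /* page-aligned mapping holding the secret */
    size_t len;    /* mapping size, rounded up to whole pages */
    int    locked; /* 0 when mlock() failed (no privilege, RLIMIT_MEMLOCK) */
} secret_t;

/* Map whole pages and try to pin them; returns -1 only if mapping fails. */
int secret_alloc(secret_t *s, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->locked = 0;
    s->buf = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->buf == MAP_FAILED) { s->buf = NULL; return -1; }
    s->locked = (mlock(s->buf, s->len) == 0);
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot elide the wipe. */
void secret_wipe(secret_t *s)
{
    volatile char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

/* Wipe before the pages become swappable again or return to the kernel. */
void secret_free(secret_t *s)
{
    if (!s->buf) return;
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->len);
    munmap(s->buf, s->len);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

int main(void)
{
    secret_t s;
    if (secret_alloc(&s, 256) != 0) return 1;
    strcpy(s.buf, "constructed sample passphrase");
    printf("pinned in RAM: %s\n", s.locked ? "yes" : "no, mlock() failed");
    secret_free(&s);
    return 0;
}
```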
