List: gnupg-users
Subject: Re: gpg-agent and memory locking
From: Ingo Klöcker <ingo.kloecker () epost ! de>
Date: 2003-09-09 18:28:15
On Tuesday 09 September 2003 11:42, Werner Koch wrote:
> On Mon, 8 Sep 2003 21:49:41 -0400, Todd said:
> > I'm looking to find out if gpg-agent locks memory to prevent the
> > passphrase from getting swapped and if it does, should it also be
> > setuid root as gpg (on systems that require root access to lock
> > memory that is)?
>
> Yes it does. However the use of secure memory in gpg-agent needs to
> be audited; it is likely that there are places where the passphrase
> could pop up in memory.
>
> I have also some severe doubts whether pinentry-qt makes proper use
> of secure memory. pinentry-gtk should be better because it uses a
> widget especially written to protect the passphrase.
<rant>
pinentry-qt is highly unstable because of the "secure memory hack". Did
you ever have a look at the code? It constantly runs out of memory for
many people (seems to depend on the widget style). It would have been
much better if you'd also written a special widget for pinentry-qt. The
current implementation definitely sucks.
</rant>
Sorry for the rant. But I'm not at all satisfied with some of the
things that came out of project Aegypten, e.g. pinentry-qt, the
certificate manager, the S/MIME certificate selection dialog in KMail.
I just hope that the BSI will demand improvements instead of putting
project Aegypten on the list of failed projects.
Regards,
Ingo
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users