Confirmation for cached passphrases useful?
Robert J. Hansen
rjh at sixdemonbag.org
Fri Oct 15 21:36:51 CEST 2010
On 10/15/10 2:49 PM, Jameson Rollins wrote:
> Without use confirmation in the agent, a malicious program running under
> your account could access your secret key without you knowing it.
This can still happen with a confirmation prompt. Confirmation cannot
protect against malware running under your account. If the agent pops
up a dialog box, then all I have to do is intercept the dialog box and
answer 'yes.'