From: Daiki Ueno <ueno@unixuser.org>
Cc: satyaki@chicory.stanford.edu, Reiner.Steib@gmx.de, ding@gnus.org,
emacs-devel@gnu.org, fw@deneb.enyo.de, jas@extundo.com
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 05 Sep 2006 20:57:26 +0900 [thread overview]
Message-ID: <8fe569ef-0b5e-4c29-b434-686fce4c619b@well-done.deisui.org> (raw)
In-Reply-To: <E1GKXSp-0002f5-Gr@fencepost.gnu.org> (Richard Stallman's message of "Tue, 05 Sep 2006 05:43:27 -0400")
>>>>> In <E1GKXSp-0002f5-Gr@fencepost.gnu.org>
>>>>> Richard Stallman <rms@gnu.org> wrote:
> When decrypting PGP messages PGG will send your passphrase along
> with data, so if Emacs process is killed and [someone else has]
> stolen your note PC, your passphrase can also be stolen from the
> temp file.
> Since it is not likely for Emacs to be killed just while it is running
> GPG, I think that very few users have such temp files lying around.
> So the thief would need to be very lucky (as well as knowing about
> such things) in order get anyone's pass phrase.
I don't think so. The rationale is, (1) decrypting large data takes
some time, (2) the user tends to interrupt Emacs from the terminal, and
(3) every file PGG writes out are in the same format
"p@ssphr@se
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----"
I think every security problem looks not feasible, at a glance.
Regards,
--
Daiki Ueno
next prev parent reply other threads:[~2006-09-05 11:57 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-26 12:41 pgg-output-buffer gets created as a unibyte buffer Katsumi Yamaoka
2006-04-26 13:22 ` Daiki Ueno
2006-04-26 22:27 ` Katsumi Yamaoka
2006-04-27 7:01 ` Katsumi Yamaoka
2006-04-27 9:36 ` Daiki Ueno
2006-04-27 10:19 ` Katsumi Yamaoka
2006-04-27 10:48 ` Katsumi Yamaoka
2006-04-27 14:45 ` Daiki Ueno
2006-04-27 15:23 ` Romain Francoise
2006-05-06 12:37 ` pgg-gpg-process-region (was: pgg-output-buffer gets created as a unibyte buffer) Reiner Steib
2006-09-02 11:16 ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Reiner Steib
2006-09-02 13:16 ` Security flaw in pgg-gpg-process-region? Daiki Ueno
2006-09-02 13:49 ` Daiki Ueno
2006-09-03 15:16 ` Richard Stallman
2006-09-04 1:36 ` Daiki Ueno
2006-09-04 17:18 ` Richard Stallman
2006-09-04 17:45 ` Daiki Ueno
2006-09-04 17:48 ` David Kastrup
2006-09-05 5:06 ` Daiki Ueno
2006-09-05 15:10 ` Chong Yidong
2006-09-06 8:49 ` Richard Stallman
2006-09-06 9:25 ` Daiki Ueno
2006-09-07 6:54 ` Richard Stallman
2006-09-06 8:49 ` Richard Stallman
2006-09-03 15:16 ` Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region) Richard Stallman
2006-09-03 16:28 ` Security flaw in pgg-gpg-process-region? Florian Weimer
2006-09-04 2:04 ` Daiki Ueno
2006-09-04 2:25 ` Miles Bader
2006-09-05 9:43 ` Richard Stallman
2006-09-05 11:57 ` Daiki Ueno [this message]
2006-09-06 19:05 ` Richard Stallman
2006-09-06 19:33 ` gdt
2006-09-06 21:33 ` Miles Bader
2006-09-07 21:13 ` Richard Stallman
2006-09-19 10:02 ` Sascha Wilde
2006-09-19 22:56 ` Richard Stallman
2006-11-11 22:00 ` Sascha Wilde
2006-11-12 21:12 ` Richard Stallman
2006-11-12 21:38 ` Sascha Wilde
2006-11-13 20:15 ` Richard Stallman
2006-11-14 11:11 ` Sascha Wilde
2006-09-06 22:44 ` Daiki Ueno
2006-09-07 21:14 ` Richard Stallman
2006-09-06 20:11 ` Florian Weimer
2006-09-07 14:12 ` Chong Yidong
2006-09-07 21:13 ` Richard Stallman
2006-04-27 16:08 ` pgg-output-buffer gets created as a unibyte buffer Katsumi Yamaoka
2006-04-28 5:18 ` Katsumi Yamaoka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8fe569ef-0b5e-4c29-b434-686fce4c619b@well-done.deisui.org \
--to=ueno@unixuser.org \
--cc=Reiner.Steib@gmx.de \
--cc=ding@gnus.org \
--cc=emacs-devel@gnu.org \
--cc=fw@deneb.enyo.de \
--cc=jas@extundo.com \
--cc=satyaki@chicory.stanford.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).