-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hello Faramir !

Faramir <[EMAIL PROTECTED]> wrote:

>    Well, I _suppose_ (and I can be very wrong about it) it is not a
> threat, probably, since GnuPG is "smart" and it can "decide" what to do,
> depending on the input it receives, probably Enigmail detected a PGP
> block, and sent it to gpg... and gpg probably detected it was encrypted,
> and asked for a passphrase to decrypt it... I _suppose_ the worst thing
> that can happen would be the secret key being displayed unencrypted on the
> screen... but I doubt somebody would be able to look at it over your
> shoulder and memorize it ;)
>   Anyway, since Thunderbird 2 can run javascript... would it be feasible
> to send a js file attached to a message, resembling Enigmail's
> passphrase dialog?

    GnuPG is not involved.
    Every time you use a shell, this shell can be:
- malicious itself, as it sees all your passwords and passphrases.
- imitated by a remote that sends a window that looks like the original one.

- -- 
Laurent Jumet
      KeyID: 0xCFAF704C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iHEEAREDADEFAkkGuGMqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMlLgAoMKx22a9OTIFzZgqXB/afKH9GR2qAKDg
e9rt714qrLQB1pny0Ngxhfn1EQ==
=xqRz
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
