Hello Faramir !

Faramir <[EMAIL PROTECTED]> wrote:

> Well, I _suppose_ (and I can be very wrong about it) it is not a
> threat, probably, since GnuPG is "smart" and it can "decide" what to do,
> depending on the input it receives, probably enigmail detected a PGP
> block, and sent it to gpg... and gpg probably detected it was encrypted,
> and asked for a passphrase to decrypt it... I _suppose_ the worst thing
> that can happen, would be the secret key being displayed unencrypted on the
> screen... but I doubt somebody would be able to look at it over your
> shoulder and memorize it ;)

> Anyway, since Thunderbird 2 can run javascript... would it be feasible
> to send a js file attached to a message, resembling Enigmail's
> passphrase dialog?

GnuPG is not involved. Every time you use a shell, this shell can be:

- malicious itself, as it sees all your passwords and passphrases.
- imitated by a remote that sends a window that looks like the original one.

-- 
Laurent Jumet
KeyID: 0xCFAF704C

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users