Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Werner Koch
On Tue, 12 Oct 2010 04:44, d...@fifthhorseman.net said: > (e.g. one process can send a simulated mouseclick to another process > pretty easily) but that doesn't mean no one is running with a The standard pinentry grabs mouse and keyboard and thus we should be protected against this kind of attack

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Daniel Kahn Gillmor
On 10/12/2010 12:34 AM, Robert J. Hansen wrote: > Heck, this doesn't even defend against an *unprivileged* attack. Give > me unprivileged access to your user account I'll edit your .profile to > put a .malware/ subdirectory on your PATH and drop my trojaned GnuPG in > there. Once the malware exec

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Robert J. Hansen
On 10/11/2010 10:44 PM, Daniel Kahn Gillmor wrote: > It would help against the situation where the malicious client does > *not* have superuser access and cannot directly override the prompting > mechanism through other mechanisms. This attack mode appears to me to be so niche that I don't see any

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Daniel Kahn Gillmor
On 10/11/2010 09:56 PM, Larry Brower wrote: > This seems like something that would get really annoying really > quickly. Why not just change settings to not cache the passphrase if > you do not like using it this way ? re-entering the passphrase each time is significantly more annoying than confir

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Larry Brower
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hauke Laging wrote: > Hello, > > I just had the idea that it might be a good countermeasure against malicious > software not to use a cached passphrase without any user interaction (and > thus > without user notice). A good compromise would be to o

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Daniel Kahn Gillmor
On 10/11/2010 10:20 PM, Robert J. Hansen wrote: > On 10/11/2010 9:25 PM, Hauke Laging wrote: >> I just had the idea that it might be a good countermeasure against >> malicious software not to use a cached passphrase without any user >> interaction (and thus without user notice). > > The most obv

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Robert J. Hansen
On 10/11/2010 9:25 PM, Hauke Laging wrote: > I just had the idea that it might be a good countermeasure against > malicious software not to use a cached passphrase without any user > interaction (and thus without user notice). The most obvious way I see to circumvent this involves throwing a tra

Re: Confirmation for cached passphrases useful?

2010-10-11 Thread Daniel Kahn Gillmor
On 10/11/2010 09:25 PM, Hauke Laging wrote: > I just had the idea that it might be a good countermeasure against malicious > software not to use a cached passphrase without any user interaction (and > thus > without user notice). A good compromise would be to open a dialog which does > not ask

Confirmation for cached passphrases useful?

2010-10-11 Thread Hauke Laging
Hello, I just had the idea that it might be a good countermeasure against malicious software not to use a cached passphrase without any user interaction (and thus without user notice). A good compromise would be to open a dialog which does not ask for the passphrase but just for the confirmatio

Re: Encrytped email attachments

2010-10-11 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 11 October 2010 at 10:56:33 AM, in , sunegtheoverlord wrote: > Hello, > Is it possible to encrypt email attachments with GnuPG? > I've read you have to install some extra libraries but > i don't know what i'm supposed to be doing?

Re: Encrytped email attachments

2010-10-11 Thread Ben McGinnes
On 11/10/10 8:56 PM, sunegtheoverlord wrote: > > Hello, > > Is it possible to encrypt email attachments with GnuPG? I've read you have > to install some extra libraries but i don't know what i'm supposed to be > doing? > > any help would be appreciated. Messages sent in OpenPGP/MIME format (wit

Re: Seahorse

2010-10-11 Thread Robert J. Hansen
On 10/8/2010 10:16 AM, Mark H. Wood wrote: > If you ever decide to promote that alternate interface, the approach I > would try is to sneak it in by actually making it an alternative This is one of the things we were specifically warned against in HCI. Give people two interfaces and the new interf

Re: Problem with Gemalto USB Shell Token V2

2010-10-11 Thread Tiago de Paula Peixoto
Hi Mukund, On 10/11/2010 02:47 PM, Mukund Sivaraman wrote: > Hi Tiago > > I just purchased OpenPGP cards and Gemalto USB Shell Token V2 readers > (see ). They work perfectly for me. > > I'll explain what I use to access them. Maybe you can adapt it to your > own use. [.

Encrytped email attachments

2010-10-11 Thread sunegtheoverlord
Hello, Is it possible to encrypt email attachments with GnuPG? I've read you have to install some extra libraries but i don't know what i'm supposed to be doing? any help would be appreciated. S -- View this message in context: http://old.nabble.com/Encrytped-email-attachments-tp29932548p2993