<<< Date Index >>>     <<< Thread Index >>>

Re: mutt/580: mutt stores PGP passphrase insecurely



On Wed, Oct 05, 2005 at 05:55:17AM +0200, Brendan Cully wrote:
> Synopsis: mutt stores PGP passphrase insecurely
> State-Changed-From-To: open->closed
> State-Changed-Why:
> Mutt can use gpg-agent, which pushes this problem outside of mutt's domain.

Er, well, come on...  just because Mutt *can* use an auxiliary program
to handle encryption passphrases securely doesn't mean mutt itself
should completely ignore the issue.  As shipped, mutt is vulnerable.

Admittedly this is not a severe issue, but it is a legitimate security
concern.  I think this really ought to be re-opened.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

Attachment: pgpNItXAtleey.pgp
Description: PGP signature