Re: mutt/580: mutt stores PGP passphrase insecurely

On 2005-10-07 04:35:02 +0200, Derek Martin wrote:
> Er, well, come on... just because Mutt *can* use an auxiliary
> program to handle encryption passphrases securely doesn't mean
> mutt itself should completely ignore the issue. As shipped,
> mutt is vulnerable.
>
> Admittedly this is not a severe issue, but it is a legitimate
> security concern. I think this really ought to be re-opened.

I disagree, unless someone can actually demonstrate (a) a realistic
attack model against which mutt is vulnerable, and (b) a defense
against this attack model that could be implemented.

Hint: Encrypting the pass phrase with a symmetric key that is kept
in memory is *not* a solution to an attack that is based on reading
the pass phrase from memory, since the attack is now shifted to the
equivalently complex reading of the symmetric key from memory.

--
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.