[Cryptography] Does anyone here know PAM?

Steve Kinney admin at pilobilus.net
Tue Apr 4 12:37:37 PDT 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 04/04/2017 01:44 PM, grarpamp wrote:
> On Tue, Apr 4, 2017 at 10:04 AM, Phillip Hallam-Baker 
> <phill at hallambaker.com> wrote:

>> * Has someone already done this for GPG Agent?
> 
> Probably.

gnupg-agent is in serious need of some bugfixes, at least the version
that makes it into Mint.  Once it sees a pass phrase, gnupg-agent
retains it until the system is shut down; stored pass phrases persist
through user logout/login.

This behavior is supposed to be controlled by a config file where a
timeout can be set, but none is present in the default installations I
have seen on Mint, and creating a new gpg-agent.conf as directed in
the man page for gnupg-agent does exactly nothing to alter its behavior.

The Debian devs say this is a non-issue.  Their excuse:  "Physical
access is game over."  How's that for convenient?

Never mind that broken gnupg-agent means physical access by any
unskilled snooper gives that person the ability to read and copy
encrypted documents and files, or apply your signature to anything,
while your back is turned.  Not an issue.  The presence of your pass
phrase in system memory, as/when a non-persistent exploit checks to
see if pass phrases for the secring keys it just sent to its owner are
available in memory is not a potential issue, either.

My work-arounds for this BS:

http://pilobilus.net/gnupg-agent_work_around_for_linux_mint.html

Come to think of it, I'm gonna copy this reply to a new thread.  It's
on topic to the group and deserves more attention.

:o)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

-----END PGP SIGNATURE-----
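
Added example, not part of the post or of the linked work-around: a shell check that reports the passphrase cache limits a given gpg-agent.conf would set. The option names `default-cache-ttl` and `max-cache-ttl` and their built-in defaults are taken from the gpg-agent man page, not from the post; the function names and the 600-second policy limit are assumptions. It reads the file only; whether a running agent honours those values is a separate question.

```shell
#!/bin/sh
# Audit a gpg-agent.conf for passphrase cache limits (added example).
# Option names and built-in defaults (600 s / 7200 s) come from the
# gpg-agent man page, not from the post above.

# Print the value of option $1 in file $2, or nothing if it is unset.
# Assumption: when an option appears twice, this script takes the last one.
conf_value() {
    [ -r "$2" ] || return 0
    awk -v opt="$1" '
        /^[ \t]*#/ { next }               # skip comment lines
        $1 == opt && NF >= 2 { v = $2 }   # remember the latest value
        END { if (v != "") print v }
    ' "$2"
}

# Report the cache limits for config file $1 and compare max-cache-ttl
# with a policy limit in seconds ($2, hypothetical default 600).
audit_agent_conf() {
    conf=$1
    limit=${2:-600}
    d=$(conf_value default-cache-ttl "$conf")
    m=$(conf_value max-cache-ttl "$conf")
    dsrc=file; msrc=file
    [ -n "$d" ] || { d=600;  dsrc=built-in; }   # option absent: built-in default
    [ -n "$m" ] || { m=7200; msrc=built-in; }
    for v in "$d" "$m"; do
        case $v in
            *[!0-9]*) echo "unparsable TTL in $conf" >&2; return 2 ;;
        esac
    done
    verdict=OK
    # max-cache-ttl bounds how long an entry may stay cached in total, so
    # that is the value compared with the policy limit.
    [ "$m" -le "$limit" ] || verdict=REVIEW
    printf 'default-cache-ttl=%s (%s) max-cache-ttl=%s (%s) %s\n' \
        "$d" "$dsrc" "$m" "$msrc" "$verdict"
}

# Stand-alone run: audit the current user's file, if there is one.
audit_agent_conf "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
```
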

