Re: gpg: "Warning: using shared memory" - SUID?
>>>>> Harry Henry Gebel writes:
hhg> The mode is NOT seen as security enough. The private key is
hhg> encrypted using a symmetrical cipher whose key is derived
hhg> from a hash of the passphrase. (the exact cipher and hash can
hhg> be specified in an S2K block in the secret keyring) In other
hhg> words, if you selected a very good passphrase (this is a BIG
hhg> if for most people) if is just as well encrypted as any gpg
hhg> encrypted message message. The reason people must not be
hhg> allowed to read it is that it gives attackers a single key to
hhg> discover that can then be used to recover ALL of the
hhg> (symmetrical) keys used to encrypt messages with that key,
hhg> (and because most people choose poor passwords discovering
hhg> that one key would not be hard for most people's keyrings. I
hhg> am not sure what doing 'less' on the keyring is supposed to
Oh. I guess I should start thinking about what I write before I
write it. In my defense, I didn't find anything to contradict what I
wrote in the gpg man page, but I suppose that I didn't read enough.
Consider me humbled.
Thanks for the correction,
Every child in America MUST get one of these things for Christmas or
Chanukah or Kwanzaa or Atheist Children Get Presents Day.
-- Dave Barry