Re: gpg: "Warning: using shared memory" - SUID?
- To: Debian User <firstname.lastname@example.org>
- Subject: Re: gpg: "Warning: using shared memory" - SUID?
- From: Chris Gray <email@example.com>
- Date: Fri, 01 Dec 2000 10:23:35 -0500
- Message-id: <firstname.lastname@example.org>
- In-reply-to: Harry Henry Gebel's message of "Thu, 30 Nov 2000 22:57:53 -0500"
- References: <20001130035023.F7159@ix.netcom.com> <20001130192549.A2405@linuxpower.org> <20001130120558.A24401@ix.netcom.com> <20001130212859.B3737@linuxpower.org> <20001130123233.E24401@ix.netcom.com> <email@example.com> <20001130141555.C29947@ix.netcom.com> <firstname.lastname@example.org> <20001130174728.A308@ix.netcom.com> <email@example.com> <20001130225753.E31152@magpage.com>
>>>>> Harry Henry Gebel writes:
hhg> The mode is NOT seen as security enough. The private key is
hhg> encrypted using a symmetrical cipher whose key is derived
hhg> from a hash of the passphrase. (the exact cipher and hash can
hhg> be specified in an S2K block in the secret keyring) In other
hhg> words, if you selected a very good passphrase (this is a BIG
hhg> if for most people) if is just as well encrypted as any gpg
hhg> encrypted message message. The reason people must not be
hhg> allowed to read it is that it gives attackers a single key to
hhg> discover that can then be used to recover ALL of the
hhg> (symmetrical) keys used to encrypt messages with that key,
hhg> (and because most people choose poor passwords discovering
hhg> that one key would not be hard for most people's keyrings. I
hhg> am not sure what doing 'less' on the keyring is supposed to
Oh. I guess I should start thinking about what I write before I
write it. In my defense, I didn't find anything to contradict what I
wrote in the gpg man page, but I suppose that I didn't read enough.
Consider me humbled.
Thanks for the correction,
Every child in America MUST get one of these things for Christmas or
Chanukah or Kwanzaa or Atheist Children Get Presents Day.
-- Dave Barry