emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Daiki Ueno
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Tue, 05 Sep 2006 14:06:00 +0900
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) 
>>>>> In <address@hidden> 
>>>>>   David Kastrup <address@hidden> wrote:
> Daiki Ueno <address@hidden> writes:

> > Second, (1) causes a problem which forbids using ISO-8859-1
> > characters in passphrases.  So he proposed (2), but it was not a
> > correct fix (passphrases should be encoded in locale-coding-system
> > rather than just making them unibyte) and it was not working before
> > the reversion.  I think this is not so important problem, since it
> > can be avoided by using ASCII only passphrases in practice.

> Passphrases exist outside of Emacs, and you don't have the option of
> just typing something else.

In theory you are right.  However, since GnuPG treats passphrase input
as a byte sequence not characters, if you set your passphrase on a
ISO-8859-1 terminal, you can't input the same passphrase on any UTF-8
terminals.

Anyway, I fixed it in Gnus CVS so that passphrases are encoded with
locale-coding-system.  I'm not sure if we should add a new user option
to control the encoding.

Regards,
-- 
Daiki Ueno
reply via email to
[Prev in Thread] Current Thread [Next in Thread]