[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security flaw in pgg-gpg-process-region?
From: |
Daiki Ueno |
Subject: |
Re: Security flaw in pgg-gpg-process-region? |
Date: |
Tue, 05 Sep 2006 14:06:00 +0900 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) |
>>>>> In <address@hidden>
>>>>> David Kastrup <address@hidden> wrote:
> Daiki Ueno <address@hidden> writes:
> > Second, (1) causes a problem which forbids using ISO-8859-1
> > characters in passphrases. So he proposed (2), but it was not a
> > correct fix (passphrases should be encoded in locale-coding-system
> > rather than just making them unibyte) and it was not working before
> > the reversion. I think this is not so important problem, since it
> > can be avoided by using ASCII only passphrases in practice.
> Passphrases exist outside of Emacs, and you don't have the option of
> just typing something else.
In theory you are right. However, since GnuPG treats passphrase input
as a byte sequence not characters, if you set your passphrase on a
ISO-8859-1 terminal, you can't input the same passphrase on any UTF-8
terminals.
Anyway, I fixed it in Gnus CVS so that passphrases are encoded with
locale-coding-system. I'm not sure if we should add a new user option
to control the encoding.
Regards,
--
Daiki Ueno
- Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region), Reiner Steib, 2006/09/02
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/02
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/02
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/03
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/03
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?, David Kastrup, 2006/09/04
- Re: Security flaw in pgg-gpg-process-region?,
Daiki Ueno <=
- Re: Security flaw in pgg-gpg-process-region?, Chong Yidong, 2006/09/05
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Daiki Ueno, 2006/09/06
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/07
- Re: Security flaw in pgg-gpg-process-region?, Richard Stallman, 2006/09/06
Re: Security flaw in pgg-gpg-process-region? (was: pgg-gpg-process-region), Richard Stallman, 2006/09/03
Re: Security flaw in pgg-gpg-process-region?, Florian Weimer, 2006/09/03