Re: [Monotone-devel] straw poll: do you ever turn persist_passphrase_ok off?

[William Uther]

On 02/02/2008, at 6:42 AM, Zack Weinberg wrote:

> Has anyone ever turned persist_passphrase_ok off, and if so, when  
> and why?
>
> Considering that turning it off means 'mtn commit' will prompt for
> your passphrase five times (assuming you type it correctly each time),
> which is *terrible* UI, and also that the auto-ssh-agent code ignores
> the hook AFAICT, so your decrypted key may still wind up cached in
> some process's memory even if you disabled the internal-to-monotone
> persistence - I'm seriously considering junking it altogether (on
> .experiment.encapsulation, but I hope to be done with that and merge
> it Real Soon).
>
> (Also, I'm at a loss to see what threat disabling it defends against.
> Note that the passphrase itself is not cached; only the decrypted key,
> and that in botan's SecureVectors (which are not actually secure
> against drive-process-to-swap attacks as presently configured, but
> meh).)

Yeah - sounds like it should be junked.  I'm guessing that the memory  
the
key was in is never zero'd after use anyway.  So no keeping track of  
that
key doesn't mean someone couldn't find it in your core anyway.

Cheers,

Will       :-}