
Koch: A New Future for GnuPG

Posted Jan 4, 2022 17:30 UTC (Tue) by vadim (guest, #35271)
In reply to: Koch: A New Future for GnuPG by ballombe
Parent article: Koch: A New Future for GnuPG

How does a process make that any better? If GPG is decrypting something for you, you end up with cleartext on the output, then it's your responsibility to deal with that properly.

I also don't see why a library couldn't do that. These days gpg runs as a normal user, because locking a small amount of memory is allowed by the kernel without any extra privileges. So a hypothetical libgpg could just do that.
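
The mechanism this comment refers to, as an added C example (not code from the thread or from GnuPG): an unprivileged process pins a small secret buffer in RAM with `mlock()`, within the `RLIMIT_MEMLOCK` limit, and wipes it before release. The helper names `round_to_pages`, `secret_alloc`, `secret_wipe` and `secret_free` are hypothetical, and the 32-byte secret is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* mlock() works on whole pages, so round the request up. */
size_t round_to_pages(size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (len + page - 1) / page * page;
}
/* Hypothetical helper: page-aligned buffer locked into RAM (never swapped).
 * Returns NULL with errno set if len is 0 or the lock is refused. */
void *secret_alloc(size_t len) {
    if (len == 0) { errno = EINVAL; return NULL; }
    size_t size = round_to_pages(len);
    void *p = aligned_alloc((size_t)sysconf(_SC_PAGESIZE), size);
    if (p == NULL) return NULL;
    if (mlock(p, size) != 0) {   /* e.g. ENOMEM: over RLIMIT_MEMLOCK */
        int saved = errno; free(p); errno = saved;
        return NULL;
    }
    return p;
}
/* Wipe through a volatile pointer so the stores are not optimised away. */
void secret_wipe(void *p, size_t len) {
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}
/* Wipe the locked pages, unlock them, then free; returns munlock()'s result. */
int secret_free(void *p, size_t len) {
    size_t size = round_to_pages(len);
    secret_wipe(p, size);
    int rc = munlock(p, size);
    free(p);
    return rc;
}
int main(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)   /* budget for unprivileged locking */
        printf("RLIMIT_MEMLOCK soft limit: %llu bytes\n",
               (unsigned long long)rl.rlim_cur);
    unsigned char *key = secret_alloc(32);     /* constructed 32-byte secret */
    if (key == NULL) { perror("secret_alloc"); return 1; }
    memset(key, 0xA5, 32);                     /* stand-in for real key material */
    return secret_free(key, 32) == 0 ? 0 : 1;
}
```

`mlock()` only keeps the pages out of swap; the buffer is still ordinary memory in the calling process's address space.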


Koch: A New Future for GnuPG

Posted Jan 4, 2022 17:44 UTC (Tue) by ballombe (subscriber, #9523)

At least the decrypted private keys, nonce used and ancillary secrets are not exposed.

Koch: A New Future for GnuPG

Posted Jan 4, 2022 18:07 UTC (Tue) by ibukanov (subscriber, #3942)

An in-process library implementing crypto in software can be attacked via Spectre. So, to protect against key and password leaks, a separate process must be used, with defenses against cross-process attacks exploiting hardware vulnerabilities that are not yet fixed.

