-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
I've just been looking at the toolkit, and so far everything is working as expected. However, as far as I can see, the only way to provide the secret key to oathtool is to put it on the command line. This strikes me as being unsafe -- on a multi-user system, the secret key will show up in the output of the "ps" command, and hence could be unintentionally exposed. oathtool really needs to support a command-line option to allow the secret to be read from a file (e.g. "-f secretkey.txt") or even from a file descriptor (as gnupg does with its "--passphrase-fd" option). Martin - -- Martin Radford ([email protected]) Systems and Operations Team IT Services University of Bristol PGP keyID: 5D2D92E9 PGP fingerprint: 137E 0277 9D78 7447 71D0 BB3D C20D BB9A 5D2D 92E9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32) iD8DBQFPIShOwg27ml0tkukRAqZzAKC866E9subD49T88e3TpLiro7uHZgCgpQJM Mm+mb8NQpufiUAe2u/Nx3xA= =8U1q -----END PGP SIGNATURE-----
