-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Wednesday, June 25, 2003, 2:48:59 PM, Paul Harrison wrote: > Thanks for your usual level of concern for we fellow Bat-ters. Agreed! Thank you very much. > Do you (or anyone else) know if there are any plans to enable some kind of > passphrase purge facility within TB for GnuGP a la Open PGP? Memory caching with an expiration time would be even better. That way it isn't sitting in a file for ready attack. Of course, there is always the swap space to consider, too. The timed expiration of cached passphrases might be able to be approximated by writing a .bat script to delete the PWCACHE.INI file and scheduling it to run every 'n' minutes with something like Icron http://www.surguy.net/articles/icron.xml Just a thought. > I noticed that the passphrases I deleted were complete gobbledegook, so I assume > they are also encrypted so as to prevent laptop thieves getting at them. I'd be interested to know if this is encrypted with an OpenSource algorithm. Blowfish, maybe? It would be a shame if the encryption of the passphrase for the keyring was weak. I also discovered something by experimentation. It appears the line is in the form <account or key id>|<passphrase>. Deleting everything from the "|" character to end-of-line leaves the key/account ID populated in the dialog, but requires the passphrase to be entered. Just perfect for my mix of usage and paranoia. :-) Clif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) iD8DBQE++jaHks2nR5uSeicRAoy/AKCYvZsM2sL1MwvBk89D3aZL5M5AlQCZAar1 /BTXhKuiWqQEy5skdaJ8Yyg= =pDzc -----END PGP SIGNATURE----- ________________________________________________ Current version is 1.62r | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
