NetBSD-Bugs archive
Re: lib/44075: libnetpgp: limit the number of passphrase prompts
The following reply was made to PR lib/44075; it has been noted by GNATS.
From: Alistair Crooks <agc%pkgsrc.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: lib-bug-people%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost,
netbsd-bugs%NetBSD.org@localhost
Subject: Re: lib/44075: libnetpgp: limit the number of passphrase prompts
Date: Wed, 10 Nov 2010 07:22:24 +0100
On Tue, Nov 09, 2010 at 07:10:01PM +0000, roam%ringlet.net@localhost wrote:
> >Description:
> There ought to be a cap on the number of times the user may enter
> an invalid passphrase :) Add to this the fact that netpgp cannot
> be aborted with ^C or ^Z...
Well, that's dependent on the platform - e.g.:
% netpgp -d c.gpg
netpgp: default key set to "C0596823"
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair%hockley-crooks.com@localhost>
uid Alistair Crooks <agc%pkgsrc.org@localhost>
uid Alistair Crooks <agc%netbsd.org@localhost>
uid Alistair Crooks <agc%alistaircrooks.com@localhost>
uid Alistair Crooks (Yahoo!) <agcrooks%yahoo-inc.com@localhost>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
netpgp passphrase:
% uname -a
NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.26 NetBSD 5.99.26
(GENERIC) #0: Mon Apr 5 15:32:36 PDT 2010
agc%osx-vm1.crowthorne.alistaircrooks.co.uk@localhost:/usr/obj/i386/usr/src/sys/arch/i386/compile/GENERIC
i386
%
I hit ^C at the passphrase prompt above. This does not happen on
Linux (I tried RHEL, but sounds like other variants behave the same
way).
> >How-To-Repeat:
> Try to decrypt something, decide you don't want to do this just now,
> feel the need to switch to another terminal to 'killall netpgp' :)
I can understand this, but I don't like limiting it.
> >Fix:
> Apply the patch at:
> http://devel.ringlet.net/security/netpgp/patches/12-limit-passphrase.patch
>
> (and yes, I'm aware that with this patch, netpgp --decrypt
> foo.txt.gpg with three wrong passphrase tries will generate an empty
> foo.txt; still trying to track this down)
Yeah, and to add to that I'm aware that gnupg limits the number of
attempts to enter the passphrase, as does ssh, and I really don't like
that.
Regards,
Alistair