On 3/28/11 2:05 AM, Robin H. Johnson wrote:
> I see so many bad ideas mentioned in this thread. The suggestions to
> keep a gpg-agent with a very long passphrase TTL just provide a massive
> new security hole:
> ===
> Attacker breaks into developer's system, has access to SSH agent and GPG
> agent thanks to software like keychain, now can commit as that
> developer.

If a dev machine is compromised, the attacker can install a keylogger
and sniff the passphrase. Or he can wait for the dev to enter the
password into gpg-agent and then use it. Or pop up a fake passphrase
dialog box. There are many other things that can happen at that point.