| 1 |
On 3/28/11 2:05 AM, Robin H. Johnson wrote: |
| 2 |
> I see so many bad ideas mentioned in this thread. The suggestions to |
| 3 |
> keep a gpg-agent with a very long passphrase TTL just provides a massive |
| 4 |
> new security hole: |
| 5 |
> === |
| 6 |
> Attacker breaks into developer's system, has access to SSH agent and GPG |
| 7 |
> agent thanks to software like keychain, now can commit as that |
| 8 |
> developer. |
| 9 |
|
| 10 |
If a dev machine is compromised, the attacker can install a keylogger |
| 11 |
and sniff the passphrase. Or he can wait for the dev to enter the |
| 12 |
password into gpg-agent and then use it. Or pop up a fake passphrase |
| 13 |
dialog box. There many other things that can happen at that point. |
Archives