Results 1 to 2 of 2

Thread: False PGP security

  1. #1
    Join Date
    Aug 2009
    Beans
    111

    Angry False PGP security

    I've used PGP for many years, but recently it's security is compromised by conveniences in Linux.

    With recent versions of Linux, someone had the idea that the PGP 'Passphrase' should be stored in your local keyring. This is the worst thing to do because anyone that clicks on your e-mail client can read all your encrypted e-mails without having to enter the passphrase. For example, if you use your daughters name as your logon password, anyone can hack that simple password, then have access to all your PGP encrypted info.

    In the past, a person was prompted for the PGP passphrase every time. Then it was cached for a few minutes, which was ok. Now it's not even required. This needs to be fixed.

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: False PGP security

    While you might get some advice as to how to make this work for you (for instance by making sure the keyring is used as expected), the Ubuntu Forums is not a venue for contacting developers to suggest a fix. The UF is a peer-to-peer end-user help site. We are all volunteers. Nobody here is employed by Canonical or, as far as I know, any group responsible for development or maintenance of the Linux kernel.
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •