[Psi-devel] Re: what happened to saving gpg passphrase?

Hal Rottenberg halr9000 at gmail.com
Sun May 29 08:48:17 PDT 2005


On 5/29/05, Justin Karneges <justin-psi2 at affinix.com> wrote:
> On Saturday 28 May 2005 09:14 pm, Hal Rottenberg wrote:
> > Uhhhh what?  I don't recall that decision being made.  Besides, I

> GnuPG is a high-security application, to the extent that it even encrypts its
> own local data (your private key) to ward off attackers that manage to
> compromise your machine.  Saving the passphrase /on/ the disk defeats the
> purpose of having a passphrase /to/ the disk.

Yeah, yeah, but I only use it for IM.  At home I don't care about the
passphrase being on disk anyways.  For my purposes, I consider my home
PC is "invincible".  My work laptop, maybe I don't want the passphrase
stored there.  I suppose the correct way to do this is to use an
agent.  I just didn't want to bother.  I don't care that much.
 
> could use your passwords.  With GnuPG, however, the specific purpose of the
> passphrase is to thwart those with access to your machine.  By saving it,
> what you are really saying is that you'd rather not have a passphrase at all.
> And guess what?  You can remove it if you don't want it. :)

Can you tell me how?  I haven't figured that out yet.  Yes, I could
figure it out, but see above.  I've already spent too much time on
this email for something for which I care almost nothing.  gpg
--edit-key doesn't have a passphrase change option.

> Why can't we just use the native functions to encrypt and decrypt the
> passphrase, instead of using half-baked encoding?

Yes, this should be the goal for ANY application.  Never store any
password in plain-text.  And if there is a native encryption function,
use it over rolling your own.
 
> The use of a passphrase-saving option indicates a great misunderstanding of
> GnuPG passphrases on the part of users.  The fact that the feature existed in
> Psi indicates a great misunderstanding of GnuPG passphrases on the part of
> developers (me).  After reading this pile of text I've just written, we
> should all be on a new level of understanding.

Yes.  GPG is stupid.  

I don't even want to use it, I just want e2e, and I want there to be
almost zero configuration on the client side.  Like Trillian.  The
only use case I care about is encrypting relatively important data,
such as giving a password to someone in a chat, so that nobody in
between can read it.
 
> On Sunday 29 May 2005 12:14 am, Remko Troncon wrote:
> > I have always been pretty optimistic about this, and thought that our
> > users would be open for some real changes (provided that the changes
> > were not inherently worse for them). But the GPG thing makes me think
> > i should stop trying this stuff, and just go back to implementing
> > features again.
> 
> Well, you shouldn't be taking any heat from this.  I was planning to do it
> someday anyway.

Yeah, don't take it personally Remko.  Keep being controversial, it's
good for the project.

So in conclusion, I'm probably just going to disable GPG.

-- 
Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc
http://halr9000.com