[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] emacs-26 f824081: * etc/NEWS: Add security consideration n
From: |
Daiki Ueno |
Subject: |
[Emacs-diffs] emacs-26 f824081: * etc/NEWS: Add security consideration note on passphrase input |
Date: |
Sat, 30 Dec 2017 23:39:54 -0500 (EST) |
branch: emacs-26
commit f8240815ea1e44cf0b16552ed3a3676b2dc85787
Author: Daiki Ueno <address@hidden>
Commit: Daiki Ueno <address@hidden>
* etc/NEWS: Add security consideration note on passphrase input
---
etc/NEWS | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/etc/NEWS b/etc/NEWS
index 692c28a..7bd3a4c 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1502,6 +1502,15 @@ supported by the upstream project.
To adapt to the change, you may need to set 'epa-pinentry-mode' to the
symbol 'loopback'.
+Note that previously, it was said that passphrase input through
+minibuffer would be much less secure than other graphical pinentry
+programs. However, these days the difference is insignificant: the
+'read-password' function sufficiently protects input from leakage to
+message logs. Emacs still doesn't use secure memory to protect
+passphrases, but it was also removed from other pinentry programs as
+the attack is unrealistic on modern computer systems which don't
+utilize swap memory usually.
+
* Lisp Changes in Emacs 26.1
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] emacs-26 f824081: * etc/NEWS: Add security consideration note on passphrase input,
Daiki Ueno <=