Mailing List Archive: Pass/fail test on gpg implimentation on PINE

Pass/fail test on gpg implimentation on PINE

Apr 28, 2000, 5:50 AM

Post #1 of 4 (517 views)

I'm not yet on the mail list, so please CC: me on a response. When we
implimented PGPi at our site several years ago, we used PINE, and found it
painful to have to key in the passphrase on each and every single email we
sent. It is desireable that the software has a configurable timer that,
so long as we have our PINE session open on a given host and we've invoked
the gpg within that timeframe, say 5 to 10 minutes, may I *please* not
have to type 'the longest sentence I can think of for a passphrase that is
easy to remember, difficult to guess, I hope my passphrase is long
enough'. That isn't my passphrase, really, but having to type in a 'good
passphrase' each and every email sent... yech! So we dumped PGP, years
ago. Is it about time we looked into gpg? Can we somehow use good
passphrases without the agony (and security risk of being seen) typing the
silly thing in over and over and over and over within a ten minute
session?

Tnx!

William (Andy) Smith

Re: Pass/fail test on gpg implimentation on PINE [ In reply to ]

lhecking at nmrc

Apr 28, 2000, 5:59 AM

Post #2 of 4 (518 views)

Permalink

William (Andy) Smith writes:
> I'm not yet on the mail list, so please CC: me on a response. When we
> implimented PGPi at our site several years ago, we used PINE, and found it
> painful to have to key in the passphrase on each and every single email we
> sent. It is desireable that the software has a configurable timer that,
> so long as we have our PINE session open on a given host and we've invoked
> the gpg within that timeframe, say 5 to 10 minutes, may I *please* not
> have to type 'the longest sentence I can think of for a passphrase that is
> easy to remember, difficult to guess, I hope my passphrase is long
> enough'. That isn't my passphrase, really, but having to type in a 'good
> passphrase' each and every email sent... yech! So we dumped PGP, years
> ago. Is it about time we looked into gpg? Can we somehow use good
> passphrases without the agony (and security risk of being seen) typing the
> silly thing in over and over and over and over within a ten minute
> session?

You have just described mutt. I recommend the development version
(now 1.1.12 - 1.2 final is due out soon), as it has much improved
support for gpg over 1.0.x.

http://www.mutt.org/

6.3.111. pgp_timeout

Type: number
Default: 300

The number of seconds after which a cached passphrase will expire if
not used.

Control-F forgets the passphrase. Handy if the phrase was misspelled :)

Personally, I'd use /bin/mailx over pine any day ...

Re: Pass/fail test on gpg implimentation on PINE [ In reply to ]

ftobin at uiuc

Apr 28, 2000, 10:26 AM

Post #3 of 4 (528 views)

Permalink

William (Andy) Smith, at 05:50 -0700 on Fri, 28 Apr 2000, wrote:

> I'm not yet on the mail list, so please CC: me on a response. When we
> implimented PGPi at our site several years ago, we used PINE, and found it
> painful to have to key in the passphrase on each and every single email we
> sent. It is desireable that the software has a configurable timer that,

This may soon be an optional feature (turned off by default) in
pgpenvelope.

http://pgpenvelope.sourceforge.net/

--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus

Re: Pass/fail test on gpg implimentation on PINE [ In reply to ]

romaq at members

Apr 28, 2000, 1:44 PM

Post #4 of 4 (519 views)

Permalink

On Fri, 28 Apr 2000, Frank Tobin wrote:

> This may soon be an optional feature (turned off by default) in
> pgpenvelope.

> http://pgpenvelope.sourceforge.net/

Thanks! I'll keep an eye out.

--Andy