procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* etc/NEWS: Add security consideration note on passphrase input

Browse source
This commit is contained in:
Daiki Ueno 2017-12-31 05:37:17 +01:00
parent 0c78822c70
commit f8240815ea
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
etc/NEWS
View file

@ -1502,6 +1502,15 @@ supported by the upstream project.
To adapt to the change, you may need to set 'epa-pinentry-mode' to the To adapt to the change, you may need to set 'epa-pinentry-mode' to the
symbol 'loopback'. symbol 'loopback'.
Note that previously, it was said that passphrase input through
minibuffer would be much less secure than other graphical pinentry
programs. However, these days the difference is insignificant: the
'read-password' function sufficiently protects input from leakage to
message logs. Emacs still doesn't use secure memory to protect
passphrases, but it was also removed from other pinentry programs as
the attack is unrealistic on modern computer systems which don't
utilize swap memory usually.
* Lisp Changes in Emacs 26.1 * Lisp Changes in Emacs 26.1