pinentry-mac suffers from the XARA attack
Reported by Fred Akalin | June 25th, 2015 @ 07:39 PM | in 2.0.28 (closed)
See http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0d... and http://arxiv.org/abs/1505.06836 .
Looking at https://github.com/GPGTools/pinentry-mac/blob/master/Source/Keychai... , the fix is probably just to remove and readd instead of updating or adding.
Comments and changes to this ticket
-
Mento June 26th, 2015 @ 02:15 PM
- State changed from “new” to “fixed”
- Assigned user set to “Mento”
- Importance changed from “” to “Low”
-
steve July 1st, 2015 @ 10:59 PM
- State changed from “fixed” to “verified”
Verified. Using latest nightly and updated pinentry-mac.
- change passphrase for an existing key
- create new encrypted + signed mail
- pinentry asks for passphrase
- enter new passphrase
Look at Keychain Access.app
→ new entries created (nice change giving those entries proper names!) → old entries gone✔ Expected: The old entries should not be updated but new entires should be created.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Fred Akalin
Luke Le
steve