PGP 7.04 Patch Modifies the Password Cache Setting

From: Steve.Cohenat_private
Date: Thu Jul 25 2002 - 09:33:33 PDT

    I noticed that the new PGP 7.04 Patch, while addressing the security issue 
    that required Network Associates to issue the patch, also appears to 
    affect the Passphrase Cache.
    
    After applying the patch, I noticed that my passphrase cache, while still 
    set to 2:00 minutes, was now functioning as though I had set it to "Cache 
    Passphrase While Logged On."
    
    In other words, no matter how long it had been since I had last entered my 
    passphrase, I could open any PGP e-mail or document without entering my 
    passphrase again.
    
    Checking the Options screen, I discovered that the Passphrase Cache still 
    appeared to be set at 2:00 minutes.
    
    Even setting it to 1 Second did not solve the problem; my passphrase was 
    still cached for as long as I was logged on.
    
    The only way I could find to resolve this problem was to reset the option 
    to NEVER cache my passphrase.
    
    I brought this to the attention of Network Associates, and they WERE able 
    to replicate my findings.
    
    However, their position is that since this is an old and not currently 
    supported version of PGP, they were not going to fix this problem.
    
    According to them, my only option was to upgrade to version 7.1.1, which 
    they feel does not have this problem.
    
    
    I feel that this problem is potentially much more important than the 
    problem that required the patch in the first place, since there is a much 
    higher likelihood of a security problem if anyone can read any PGP e-mail 
    or document on your computer by simply opening it up.
    
    I also feel that if Network Associates felt they had to fix their initial 
    security problem with this patch, they should also have to fix the 
    security problem that their patch caused.
    


