I have a suggestion regarding the cacheing of pass phrases. Right now, it appears that every time an encrypted message arrives that the pass phrase must be entered in order to decrypt it. I suggest the following options, if it is not too difficult to implement:
- Required for every message
- Required the 1st time an encrypted message is received following a security/password unlock of the system.
- Required for the 1st message following power on/power off
- Always cached (bad security practice, but some might use it).
On a different note, I have also just now received two messages where the decrypt failed with the notification of an EXCEPTION. No idea what this means, and what could be done. It was a fairly vanilla text (no html) message with some embedded links, etc., but nothing extraordinary.
Last edited by djm2; 06-27-2008 at 10:40 AM..
Reason: Clarity
|