Only grab keyboard when line edits have focus in pinentry (qt)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 28 17:08:22 CEST 2016


Hi Andre--

On Tue 2016-06-28 08:04:41 -0400, Andre Heinecke wrote:
> When I recently changed pinentry-qt to also support the "repeat" mode (meaning 
> two password entries in one dialog for key generation) I had to change the 
> keyboard grabbing so that it would work for both line edits.
>
> In that commit I've changed that pinentry-qt now only grabs the keyboard when 
> a password line edit has input focus. To my knowledge this still protects 
> against keyloggers which simply capture all X-Events and thus does not reduce 
> the security over the old "globally grab as soon as we are visible" behavior.
>
> This has the added advantage that you still can continue to work when pinentry 
> pops up and for example, look up the passphrase for a key in another encrypted 
> file without having to minimize pinentry-qt.
>
> But maybe I've missed some attack that is mitigated by the global grabbing 
> behavoir, so if you have concerns about that please let me know so that we can 
> discuss this before we release pinentry with this change.

I've always thought there are two different (but complementary) use
cases for keyboard-grabbing:

 a) malicious X11 (or other) applications sniffing the keyboard activity.

 b) user confusion about window focus (e.g. typing your password into
    your chat client by accident when you think you're typing in your
    pinentry)

I think the change you've made still satisfies use case (a), but i think
it might lose something for use case (b).  Maybe other people don't care
about use case (b); if so, that's fine.  For myself, i often have enough
things running concurrently (and can become sufficiently distracted)
that global kbd grab probably saves me from making that particular
mistake about once or twice a month.

       --dkg



More information about the Gnupg-devel mailing list