Only grab keyboard when line edits have focus in pinentry (qt)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 30 17:40:21 CEST 2016


On Wed 2016-06-29 09:04:13 -0400, Andre Heinecke wrote:
> As case b) is more of a usability problem and not a technical
> vulnerability my personal weighing would be that the global grab is
> the bigger usability problem than the chance that you accidentally
> input secrets into the wrong window.

usability problems and technical vulnerabilities are not mutually
exclusive :)

i don't know whether i've ever had a malicious application try to snoop
my passphrases, but i've *definitely* had situations where i was saved
by the keygrab from mistyping my passphrase into the wrong window.

> Ok your experience there differs from mine I have never felt that the
> global grab saved me from anything but often felt "aaah damn, forgot
> to decrypt the passphrase before signing this file". Because I
> regularly have to look up the passphrase for other keys in encrypted
> files so for me having multiple pinentries active / decrypting a file
> containing a passphrase while pinentry is open is a regular use case
> for me and for that the "less aggressive" grabbing is an advantage.

sure, i understand this frustration and have run into it myself.  It
suggests to me that my passphrase-caching mechanism isn't sufficiently
integrated into my workflow, not that kbd-grabbing is the wrong
approach.

> The global grab is actually a reason why I like to use a smartcard
> reader with a pinpad.

for security purposes, i'd love to see a pinentry that relies on
inputs/signalling from outside X11 entirely.

> Imo as pinentry is already very diverse we could just keep the global
> grab in GTK and do the focused Grab in Qt and thus offer a good
> solution for both cases. Hurray for diversity. :-)

Sure, i'm not trying to force any one pattern, i'm just observing that
this change would probably remove a major security benefit that i've
seen in the past (albeit a security benefit that defends against
clumsiness, not against a wilful adversary)

            --dkg


