Confirmation for cached passphrases useful?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 12 09:05:56 CEST 2010


On 10/12/2010 02:26 AM, Werner Koch wrote:
> On Tue, 12 Oct 2010 04:44, dkg at fifthhorseman.net said:
> 
>> (e.g. one process can send a simulated mouseclick to another process
>> pretty easily) but that doesn't mean no one is running with a
> 
> The standard pinentry grabs mouse and keyboard and thus we should be
> protected against this kind of attack.

I think that grabbing mouse and kbd prevents other tools from *reading*
the kbd and mouse events.  It doesn't prevent synthesized events from
triggering those inputs (e.g. clicking "OK" on a button).

As a simple example, try:

  sleep 3 && xdotool key Return & echo GETPIN xxx | pinentry

The backgrounded process hits the enter key on a foregrounded (grabbed)
pinentry-gtk.

So while it's useful to protect passphrase entry from other snooping X11
applications, i don't think that the kbd/mouse grab approach is
sufficient protection for a simple confirmation prompt dialog box.

I'd be happy to be corrected on this if i'm wrong, of course.

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101012/ae2649c2/attachment-0001.pgp>


More information about the Gnupg-users mailing list