[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

Peter Pentchev roam at ringlet.net
Sat Apr 16 20:00:25 CEST 2011

On Fri, Apr 15, 2011 at 11:47:34PM -0700, Todd A. Jacobs wrote:
> Currently, it looks like pinentry-gtk-2 (I'm using 0.8.0) doesn't allow
> pasting from the clipboard. This is annoying, because a truly long,
> randomized password is not practical to type into a hidden dialog box. It
> really seems like pinentry forces one to use short, insecure passwords.

Uhm, somewhat off-topic (so marked in the subject line), and... I really
don't want to start a flamewar here, but there really, really *is* a bit
of a middle ground between a "short, insecure passphrase" and a "long,
randomly-generated one that simply must be copy/pasted" - namely, a
long, non-randomly generated one that can be written out "by hand" :)
Mine, for instance, is over 30 characters long and, while it is derived
from a couple of phrases, none of its components would be found by any
reasonable brute-force or even dictionary attack, even by people who
know me (please note that I did say "reasonable" WRT resources).

> One
> supposes there is a trade-off in security here, but I'm more concerned about
> brute-force attacks on the passphrase than I am about someone sniffing the
> clipboard--it seems that if they have access to my clipboard, they can
> probably log my keystrokes, anyway, right? So offline attacks against the
> key's passphrase seem more likely.
> So, I really have two questions. First, is it possible to force pinentry
> dialogs to allow pasting from the clipboard? Secondly, is it possible to
> force the CLI to use an alternate pinentry (say, pinentry-curses) or some
> other method to populate an existing gpg-agent with a cached passphrase?


Peter Pentchev	roam at ringlet.net roam at FreeBSD.org peter at packetscale.com
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110416/14cf7fb0/attachment.pgp>

More information about the Gnupg-users mailing list