[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?
Peter Pentchev
roam at ringlet.net
Sat Apr 16 20:00:25 CEST 2011

On Fri, Apr 15, 2011 at 11:47:34PM -0700, Todd A. Jacobs wrote:
> Currently, it looks like pinentry-gtk-2 (I'm using 0.8.0) doesn't allow
> pasting from the clipboard. This is annoying, because a truly long,
> randomized password is not practical to type into a hidden dialog box. It
> really seems like pinentry forces one to use short, insecure passwords.

Uhm, somewhat off-topic (so marked in the subject line), and... I really
don't want to start a flamewar here, but there really, really *is* a bit
of a middle ground between a "short, insecure passphrase" and a "long,
randomly-generated one that simply must be copy/pasted" - namely, a
long, non-randomly generated one that can be written out "by hand" :)
Mine, for instance, is over 30 characters long and, while it is derived
from a couple of phrases, none of its components would be found by any
reasonable brute-force or even dictionary attack, even by people who
know me (please note that I did say "reasonable" WRT resources).

> One
> supposes there is a trade-off in security here, but I'm more concerned about
> brute-force attacks on the passphrase than I am about someone sniffing the
> clipboard--it seems that if they have access to my clipboard, they can
> probably log my keystrokes, anyway, right? So offline attacks against the
> key's passphrase seem more likely.
>
> So, I really have two questions. First, is it possible to force pinentry
> dialogs to allow pasting from the clipboard? Secondly, is it possible to
> force the CLI to use an alternate pinentry (say, pinentry-curses) or some
> other method to populate an existing gpg-agent with a cached passphrase?

G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at FreeBSD.org peter at packetscale.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.