Which release should we be using?
Werner Koch
wk at gnupg.org
Mon Aug 22 16:25:51 CEST 2011
On Mon, 22 Aug 2011 15:27, dpmcgee at gmail.com said:
> extremely shortsighted. Any password management program like Keepass
> makes transfer via the clipboard easy and relatively safe (clearing it
> after 10 seconds), so that doesn't sound like the safety of "no
> passphrase at all".
You may not understand for what the passphrase in GPG is used: It is a
fail-stop mechanism to mitigate the compromise of a secret key. In that
it is similar to the master passphrases of all these password managers.
Anyway, if you want to enable cut+paste just go ahead and implement it
in a pinentry version (to be exact, disable the the secure text entry
widget). Please don't ask me to do that: I consider it as false
security. BTW, pinentry is a separate package from GnuPG and easy to
hack.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list