Passphrase window freezes my DE's panel - is this a bug?
Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 27 06:48:43 CEST 2020
> If using the clipboard is unsafe, then GPG would disallow its use in
> password managers as well, would it not?
How would it do so?
> If one is supposed to have long, complicated,
> difficult-to-remember-and-type passwords (which one cannot even see
> when they are being entered!), then one HAS to use a clipboard to get
> them from where they are stored into where they are needed,
Nonsense. A prior job literally *required* that I not only use
completely random passwords, but 128 bits of them, and completely change
them every six months, for four different networks. It was incredibly
annoying but possible.
If I can remember "ZECY17pJQo9PoeVqJ4S/lA==" and three others like it,
and change them twice a year, then it's simply untrue that "one HAS to
use a clipboard to get them from where they are stored into where they
are needed".
Convenient, absolutely. Good UI design, also. But not *required*.
Further, I don't know who told you that your passphrase must be long,
complicated, difficult to remember and difficult to type. The
passphrase exists as a defense in the event someone's able to steal your
private key: but if you think you've already defended against theft
adequately, use a short passphrase or none at all. Like so many things,
it all depends on your own risk model.
> Again - this disallowing of any input but that of the passphrase
> window is NEW. It did not happen until recently.
Perhaps I missed something, but did the GnuPG team write your pinentry?
If not, they're really not in a good position to offer help.
More information about the Gnupg-users
mailing list