Passphrase window freezes my DE's panel - is this a bug?

Ángel angel at pgp.16bits.net
Tue Apr 28 03:31:07 CEST 2020


First of all, you have created three threads about it. When you reply to
an email, you need to actually reply to that mail. Just using the same
subject does not make the email get into the thread (could you imagine
the threads for emails titled "Bug"?).

I am replying to the original thread, and glossing over points mentioned
over several threads.




> I don't know which of the many GPG packages throws up the passphrase window, to know to which package a bug
> report should be directed (if it is a bug).  I might have thought pinentry[*], but it is NOT one of the upgraded packages.
> (I have pinentry-curses and pinentry-gnome3 (curiously, not pinentry-qt...), at versions 1.1.0-3+b1)
> 
> My QtPass is at version 1.3.2-1, and pass is at 1.7.3-2.
> (My assumption is that QtPass is calling a GPG function that sometimes asks for the passphrase, or that QtPass calls
> a pass function that is calling a GPG function that sometimes asks for the passphrase.)

QtPass is a frontend for pass, which itself is a password manager based
on gpg. So it's normal that a prompt for the underlying gpg key ends up
appearing.


> It then asks for it again, either after a certain number of minutes,
> or after a certain number of password uses in QtPass.
> 
> 
You may play with the agent ttl options on ~/.gnupg/gpg.conf so that it
doesn't request it so often:
https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#Agent-Options
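As an added example (not part of the original reply), these are the two cache-ttl options the reply refers to; gpg-agent reads them from ~/.gnupg/gpg-agent.conf, and the values shown are illustrative choices, not recommendations.

```conf
# ~/.gnupg/gpg-agent.conf  (illustrative values; pick your own after a risk analysis)

# Seconds a cached passphrase stays valid after its last use
# (gpg-agent default: 600).
default-cache-ttl 3600

# Hard upper bound on how long a passphrase may stay cached at all,
# regardless of how often it is used (gpg-agent default: 7200).
max-cache-ttl 28800

# After editing, make the running agent pick up the new values:
#   gpg-connect-agent reloadagent /bye
```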



> Is this a bug, or a (security?) feature?

It is a (somewhat annoying) feature.


By grabbing the keyboard:
 a) it ensures that i don't accidentally type into another window when i
    think i'm typing in the prompter

 b) it keeps other X11 clients from sniffing the keyboard input

-- dkg on Debian bug 930062

> 
> 
> I got tired of always having to bring up my file manager, and then opening the file containing the passphrase,
> and copy and pasting it into the passphrase field, each time GPG wanted the passphrase.

You shouldn't have the password for the password manager in a file alongside it.


> 
> Secondly, I could write the passphrase down...  I could write ALL my
> passwords down, and then I would not need a password manager!
> Not very practical.


There is ONE passphrase you cannot keep stored in the password manager.
That's the one that gives you access to the password manager itself.†

You are having issues with that one passphrase. Writing down all your
passwords as you propose would be equivalent to using your password
manager with no password manager password (it may not be a good idea,
but you *could* do that).



> Thirdly, the password manager itself copies passwords to the
> clipboard, to be pasted into input fields.
> If using the clipboard is unsafe, then GPG would disallow its use in
> password managers as well, would it not?

It's not that the clipboard is unsafe.‡ The problem with your flow is
that you are copying the master password from an unsafe place.

The reason for the master password is that, should anyone steal your
files (either physically or remotely), they would not be able to get to
the secrets stored on your password manager.

Passwords should be either directly typed or copied from a password
manager.

If you copy that password from another file, the file from which you are
copying it is the insecure part, not that you move it from that file
through the clipboard. It would be the same issue if you had the text
file open in the background and you typed it from there.

Be careful what you wish for, btw. Some pinentries *do* block pasting
from the clipboard. I had to type a gpg password that I had available on
the password manager, when the system launched the wrong™ pinentry. ☹




> If one is supposed to have long, complicated,
> difficult-to-remember-and-type passwords (which one cannot even
> see when they are being entered!), then one HAS to use a clipboard to
> get them from where they are stored into where they are needed,
> and the passphrase is supposed to be even longer (since it unlocks
> access to all the others).
> 
Above you were arguing for writing down all your passwords in plain
text, now you say they need to be very difficult-to-remember-and-type
passwords.
Also, you have a few misconceptions:


> long, complicated, difficult-to-remember-and-type passwords

Passwords don't need to be “complicated to type”.

The classic example would be 'Tr0ub4dor&3' vs 'correct horse battery
staple' from https://xkcd.com/936/


The goal isn't that they are difficult to remember either.

If I needed to set one, I would state it as ‘use a unique, random
password for each realm’.

Here 'random' just means «unpredictable».

You could take your passwords from the telephone book. What you shall
not use is the phone number of your Granny, since it'd be predictable
that you used a number you already knew, such as the one of a family
member. Learning by heart a telephone number of a stranger you got by
randomly opening it would work. ⁂  And memorizing it shouldn't be harder
than memorizing any other phone number (smartphones made people lazy,
but it was common to know lots of numbers by heart).


Remembering *lots* of passwords is what starts making it hard, but
remembering a few good passwords is not that difficult (and the password
for your password manager is one key to remember).



As for the password manager passphrase needing to be longer, that could
be argued both ways. The protection provided by the password manager
should not be weaker than that of any secret it guards. It doesn't mean
that its strength should be the sum of that of everything it contains.

On the other hand, what we need to assess is the protection it provides,
which doesn't rest solely on the master password. You could take into
account also the protection added by the password manager format itself,
and the system it rests on, and so a 'weak' password could be considered
enough. As usual, you should make your own risk analysis.
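An added example, not from the original message, that puts numbers on the two points above: 'random' as uniform, unpredictable choice (the phone-book argument and the xkcd passphrase), and the rule that the manager's passphrase should not be weaker than what it guards. The word list, the guess rate and the simple "KDF iterations add log2(iterations) bits of work" model are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample word list. Entropy depends only on how many equally likely
# choices the list offers, so the real list size is passed in explicitly.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "granny", "telephone", "cerberus", "sphinx"]


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def generate_passphrase(words, n_words=4, sep=" "):
    """Pick words with a CSPRNG: uniform choice is what makes it unpredictable."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time to search half the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second


def effective_bits(bits: float, kdf_iterations: int) -> float:
    """Assumed model: each guess costs `kdf_iterations` hashes, which adds
    log2(iterations) bits of attacker work on top of the passphrase itself."""
    return bits + math.log2(kdf_iterations)


def manager_passphrase_adequate(master_bits: float, guarded_bits) -> bool:
    """The reply's rule: the manager should not be weaker than any secret it guards."""
    return master_bits >= max(guarded_bits)


if __name__ == "__main__":
    schemes = {
        "7-digit number picked at random from a phone book": entropy_bits(10, 7),
        "Granny's number (already known to the attacker)": 0.0,
        "4 words from a 7776-word list": entropy_bits(7776, 4),
        "12 random printable ASCII characters": entropy_bits(95, 12),
    }
    for name, bits in schemes.items():  # assumed attacker: 1e10 guesses/s
        days = seconds_to_crack(bits, 1e10) / 86400
        print(f"{bits:5.1f} bits  ~{days:.3g} days  {name}")
    print("with a 2^20-iteration KDF, 4 words behave like",
          f"{effective_bits(entropy_bits(7776, 4), 2 ** 20):.1f} bits of work")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```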



‡ Well, kind of. There are clipboard snooping attacks, where an
application (or even a web page) retrieves clipboard contents that were
not intended for them.
Also, you will find that password managers like to clear the password
from the clipboard after some seconds.


† No need to remember the website password:
Don't worry, I only need to (remember and provide) the password manager
password, but before…
I only need to (remember and provide) the system account password,
but before…
I only need to (remember and provide) the disk encryption password,
but before…
I only need to (remember and provide) the BIOS boot password,
but before…
I only need to (remember and provide) the system account password,
but before…
I only need to (remember and provide) the PIN on the door, but before…
I only need to (remember and provide) the right word to the Cerberus
relative that is guarding the garden, but before…
I only need to (remember and provide) the right answer to the sphinx
that is at the entrance of the city.
It is very easy, you see, to provide the password at the website. No
need to struggle to learn its password. It's now so simple to enter
there. Wait!, it is asking me for a 2FA code to provide…



