Copy-paste in pinentry-qt4
Georgios Dimitropoulos
gpd.mechatronics at gmail.com
Mon May 24 02:12:50 CEST 2010
Koos Pol <kp2010 <at> koospol.nl> writes:
>
> Hi,
>
> Preferring strong passwords generated and stored in KeyPassX, I'd be really
> happy if I could copy and paste the strong passwords into the entry field from
> /usr/bin/pinentry-qt4. But that doesn't work. And typing strong passwords
> sucks.
>
> Is there a security reason for not allowing copy/paste?
>
> Cheers,
> Koos
>
I see this behaviour in many programs that do no accept copy/paste passwords and
they really piss me off, because they play "daddy" with the user.
I do the exact same thing with you (using keepassX) and I'm tremendously annoyed
by this "habit". To answer your question, there is no security reason for no
copy paste, it is an "opinion" of the programmer. It assumes that looking on a
paper or a screen window for a password that you will type via keyboard (mine is
wireless!) is safer than clipboard. Well, their opinion is imposed on the user
on the assumption the programmer knows better. I call this microsoft windows
you-are-stupid-we-know-better.
Other than that, I was greatly annoyed as well, that I had to install seahorse,
which in turn installed pinentry, to figure out why gpa 0.8.0 was giving me
"general error" from library gpgme, since in fedora 12, somebody forgot to put
pinentry as a resolved dependency for installing gpa.
All these little loose ends, kind of sloppiness, in the whole "story" does not
exactly help me trust crypto as a business plan.
More information about the Gpa-dev
mailing list