[Enigmail] Paste passphrase from clipboard into pinentry dialogbox
dougb at dougbarton.email
Sat Mar 28 20:09:15 CET 2015
On 3/28/15 11:57 AM, Daniel Kahn Gillmor wrote:
> If the only concern is leaving sensitive data in the clipboard after
> use, maybe pinentry could*accept* pastes, but then also clear the
> clipboard after it was pasted into?
First, this discussion is moot because Werner won't change this.
Second, what you're describing isn't safe. Malware that watches the
clipboard will still pick up what's pasted onto it, even if it gets
cleared immediately after.
Finally, someone else already posted the right answer, a tool like
Keepass can auto-type the password, bypassing the clipboard. It's also
thought to be safe against key loggers, although there is some dispute
on that topic.
I think that a case can be made for a better plan to be using a password
that you can remember, and type. I would also argue that for most people
there is no threat model that justifies a password so long that you
can't remember or type it. :)
I am conducting an experiment in the efficacy of PGP/MIME signatures.
This message should be signed. If it is not, or the signature does not
validate, please let me know how you received this message (direct, or
to a list) and the mail software you use. Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: OpenPGP digital signature
More information about the enigmail-users