[Enigmail] Paste passphrase from clipboard into pinentry dialogbox

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Mar 28 20:30:21 CET 2015


[so much for following up on gpg-devel; i'm replying to enigmail because
that's where this message went, even though i don't understand the
reason to keep this non-enigmail discussion here]

On Sat 2015-03-28 15:09:15 -0400, Doug Barton wrote:
> Finally, someone else already posted the right answer, a tool like 
> Keepass can auto-type the password, bypassing the clipboard. It's also 
> thought to be safe against key loggers, although there is some dispute 
> on that topic.

I quite like the Keepass approach.

But it's not clear to me that this will work, at least for the versions
of pinentry i've seen that grab the input devices (i'm seeing this on
X11, at any rate).  In this case, I don't think there is a way to
trigger keepass to get it to type into the pinentry dialog.

What platforms as this approach been tested on?

> I think that a case can be made for a better plan to be using a password 
> that you can remember, and type. I would also argue that for most people 
> there is no threat model that justifies a password so long that you 
> can't remember or type it. :)

I can sympathize with this sentiment.  In general, i think users should
keep a very small number of strong passphrases that they can remember
and can type, and should use the main one of those passprhases to
control a mechanized password store (like keepass) for all the rest of
them.

I suppose the underlying question is whether you think the user's
OpenPGP passphrase is one of these strong passphrases that they should
be able to remember, or whether you think it should be delegated to the
mechanized password store.

           --dkg



More information about the enigmail-users mailing list