[redirecting to gnupg-devel, setting mail-followup-to: there]

On Wed 2015-03-25 18:26:38 -0400, Robert J. Hansen wrote:
>> My guess is that this is for added security.
>
> Correct.  Werner Koch has said several times that he will not change the
> code to permit C&P into the dialog box, as that would leave sensitive
> data in your clipboard -- and the clipboard, by definition, can be read
> by any application, including malware.

If the only concern is leaving sensitive data in the clipboard after
use, maybe pinentry could *accept* pastes, but then also clear the
clipboard after it was pasted into?

I understand that this still "encourages" people to put their
passphrases into the clipboard, but that seems to be happening anyway.

What if, upon accepting a paste, pinentry was to expand the dialog a bit
and show a warning that says something like:

   Pasted!  Your clipboard has also been emptied, so that your
   passphrase isn't exposed to other applications.  GnuPG recommends
   never copying your passphrase to the clipboard.

          --dkg

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Reply via email to