On 3/28/15 11:57 AM, Daniel Kahn Gillmor wrote:
If the only concern is leaving sensitive data in the clipboard after use, maybe pinentry could*accept* pastes, but then also clear the clipboard after it was pasted into?
First, this discussion is moot because Werner won't change this.Second, what you're describing isn't safe. Malware that watches the clipboard will still pick up what's pasted onto it, even if it gets cleared immediately after.
Finally, someone else already posted the right answer, a tool like Keepass can auto-type the password, bypassing the clipboard. It's also thought to be safe against key loggers, although there is some dispute on that topic.
I think that a case can be made for a better plan to be using a password that you can remember, and type. I would also argue that for most people there is no threat model that justifies a password so long that you can't remember or type it. :)
Doug --I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
