On 29/03/2015 9:47 am, Jérôme Pinguet wrote:
>
> By the way Daniel, thanks for your GPG best practices page and more
> generally for your work related to GPG, Riseup and Debian! :-) I
> often refer to Riseup GPG Best practices during the cryptoparties I
> organize in Marseille.
Great to hear that
On 5/04/2015 11:50 pm, Patrick Brunschwig wrote:
> On 05.04.15 15:41, Ben McGinnes wrote:
>
>> However, if you're in real trouble from this, the version of
>> pinentry and gpg-agent I have running with GPG 2.1.2 include a
>> little tick box which allows the passphrase to be visible when you
>> typ
On 26/03/2015 9:36 am, Andre Lahmann wrote:
> Ok, just for the record: this is an issue with pinentry - see e.g.
> https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/326132
> https://bugs.g10code.com/gnupg/issue1374
> https://bugs.g10code.com/gnupg/issue1368
>
> It's absolutely ridiculous how
On 3/29/15 2:32 AM, Samir Nassar wrote:
On Sunday, March 29, 2015 10:26:53 AM Anne Wilson wrote:
Personally I prefer my
password to be reference to a book - and you haven't a snowball in
hell's chance of knowing which book or what reference to it :-) I
doubt if even my closest family would gues
On 28/03/15 20:30, Daniel Kahn Gillmor wrote:
> I quite like the Keepass approach.
>
> But it's not clear to me that this will work, at least for the versions
> of pinentry i've seen that grab the input devices (i'm seeing this on
> X11, at any rate). In this case, I don't think there is a way to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 29/03/2015 10:32, Samir Nassar wrote:
> On Sunday, March 29, 2015 10:26:53 AM Anne Wilson wrote:
>> Personally I prefer my password to be reference to a book - and
>> you haven't a snowball in hell's chance of knowing which book or
>> what reference
On Sunday, March 29, 2015 10:26:53 AM Anne Wilson wrote:
> Personally I prefer my
> password to be reference to a book - and you haven't a snowball in
> hell's chance of knowing which book or what reference to it :-) I
> doubt if even my closest family would guess the book.
You might be wrong, yo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/03/2015 19:30, Daniel Kahn Gillmor wrote:
> I suppose the underlying question is whether you think the user's
> OpenPGP passphrase is one of these strong passphrases that they
> should be able to remember, or whether you think it should be
> del
On 03/28/2015 08:30 PM, Daniel Kahn Gillmor wrote:
> [so much for following up on gpg-devel; i'm replying to enigmail because
> that's where this message went, even though i don't understand the
> reason to keep this non-enigmail discussion here]
>
> On Sat 2015-03-28 15:09:15 -0400, Doug Barton wr
On 3/28/15 12:30 PM, Daniel Kahn Gillmor wrote:
[so much for following up on gpg-devel; i'm replying to enigmail because
that's where this message went, even though i don't understand the
reason to keep this non-enigmail discussion here]
On Sat 2015-03-28 15:09:15 -0400, Doug Barton wrote:
Fina
[so much for following up on gpg-devel; i'm replying to enigmail because
that's where this message went, even though i don't understand the
reason to keep this non-enigmail discussion here]
On Sat 2015-03-28 15:09:15 -0400, Doug Barton wrote:
> Finally, someone else already posted the right answer
On 3/28/15 11:57 AM, Daniel Kahn Gillmor wrote:
If the only concern is leaving sensitive data in the clipboard after
use, maybe pinentry could*accept* pastes, but then also clear the
clipboard after it was pasted into?
First, this discussion is moot because Werner won't change this.
Second, w
[redirecting to gnupg-devel, setting mail-followup-to: there]
On Wed 2015-03-25 18:26:38 -0400, Robert J. Hansen wrote:
>> My guess is that this is for added security.
>
> Correct. Werner Koch has said several times that he will not change the
> code to permit C&P into the dialog box, as that wou
On 25.03.15 23:36, Andre Lahmann wrote:
> Ok, just for the record: this is an issue with pinentry - see e.g.
> https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/326132
> https://bugs.g10code.com/gnupg/issue1374
> https://bugs.g10code.com/gnupg/issue1368
>
> It's absolutely ridiculous how usa
On 03/25/2015 10:40 PM, Andre Lahmann wrote:
> Hello,
>
> since upgrading to Enigmail 1.8.x it's not possible anymore to paste the
> passphrase into the pinentry dialogbox. I'm running Xubuntu 12.04 and
> neither ctrl+v nor mouse buffer is working (as I am managing my
> passphrases with keepass I a
Ok, just for the record: this is an issue with pinentry - see e.g.
https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/326132
https://bugs.g10code.com/gnupg/issue1374
https://bugs.g10code.com/gnupg/issue1368
It's absolutely ridiculous how usability is screwed by design and
justified with secur
> My guess is that this is for added security.
Correct. Werner Koch has said several times that he will not change the
code to permit C&P into the dialog box, as that would leave sensitive
data in your clipboard -- and the clipboard, by definition, can be read
by any application, including malwar
Hmm, I just tried it with GPGv1.4 but the pinentry dialogbox still
does not allow copy and pasting... doesn't seem to be a GPGvX related
issue or am I getting you wrong?
Best,
André
Am 25.03.2015 um 22:44 schrieb mich...@yanovich.net:
> On 03/25/2015 05:40 PM, Andre Lahmann wrote:
>> Hello,
>
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/25/2015 05:40 PM, Andre Lahmann wrote:
> Hello,
>
> since upgrading to Enigmail 1.8.x it's not possible anymore to paste the
> passphrase into the pinentry dialogbox. I'm running Xubuntu 12.04 and
> neither ctrl+v nor mouse buffer is working (
Hello,
since upgrading to Enigmail 1.8.x it's not possible anymore to paste the
passphrase into the pinentry dialogbox. I'm running Xubuntu 12.04 and
neither ctrl+v nor mouse buffer is working (as I am managing my
passphrases with keepass I also tried autotype without success).
Is this a bug or a
20 matches
Mail list logo
