I'm using gpg-agent v2.0.14 (this ships with CentOS/RHEL 6.5). This distribution
ships pinentry-0.7.6, but I also see this behavior with the latest pinentry-0.9.0
from gnupg.org source.
Steps to demonstrate issue:
(1) Start gpg-agent with --no-detach option
(2) Make sure $DISPLAY is not set to force pinentry to fallback to curses
(3) Attempt to decode a gpg-encrypted file to trigger pinentry
In the stock RHEL pinentry version (0.7.6), the input is automatically and
continuously "crammed" with asterisks ('*'). That is, it's as if someone is typing
in an infinite-length password as quickly as possible. This also consumes 100% of
CPU and requires kill -9.
With the latest pinentry (0.9.0), the behavior is the same, except the asterisks
don't fill as quickly, maybe one or two per second. Still unusable, just not as
severe as the older pinentry-curses.