
pinentry: manual type enforcement degrades security of passwords and emails
Closed, Resolved, Public

Description

pinentry does not allow for passwords pasted or automatically typed in by a password database, such as KeePass or any other password database. The intention of developers might have been to discipline the user to memorize their passwords well and to type them in manually. The actual result is that users who have a key will create a new key with a weaker password which is a) easier to remember and b) quicker to type in. They can't use a password manager they decided to trust, because the developers of Gpg4win took that decision from them, and decided for the user to trust no password manager at all.

Even worse than making users create a new key with a weak protection is that users stand with their own key, and if they have to switch to Windows, they don't encrypt their emails anymore since Gpg4win became unbearable to use for disallowing any input but the keyboard.

I didn't even care to test the accessibility of pinentry's input field for disabled people but I am sure any accessibility of that input field has been left behind in the filter after this chemical cleaning.

Conclusion: to punish a few Windows users who used a text file as a password database, the developers excluded those who chose a satisfiable password managing solution for a 50-character key password and limited the probable password length a user chooses for memorability and convenience to what the user is able to afford. For most users, this is not a lot and only if they decide to continue encrypting their emails on Windows at all.

Thanks a lot.

Details

Version
2.3.4

Event Timeline

aheinecke triaged this task as Normal priority. Jan 17 2018, 8:34 AM
aheinecke added a project: pinentry.
aheinecke added a subscriber: aheinecke.

The default Pinentry for Windows is pinentry-qt; it should both be accessible with descriptions and screenreader API support and it should allow you to paste in passphrases. The passphrase length is limited at 255 characters. This limitation comes from GnuPG and is there both for Windows and Linux. Have you tested Pinentry-qt with a screenreader?

Which Pinentry are you using where you can't paste? Afaik even the GTK Pinentry allows pasting in passphrases.
If you don't know which pinentry flavor you are using please attach a screenshot so that we can tell from that.

Thanks,
Andre

FWIW, running gpg from the command line with option -v shows the pinentry flavor.

BTW, using a long passphrase for public key encryption is in almost all cases useless. The passphrase is there to protect the private key, the passphrase is never sent to another site and will only be seen by gpg-agent, pinentry and the tty I/O software of the OS.

The passphrase is good and useful for transferring a private key to another machine or for backups. On the actual machine it would only help to mitigate transient attacks which are not going after the private key. All real attacks leave behind malware snooping on confidential data on the I/O system and running processes. Thus, as soon as the password manager, or pinentry, or gpg-agent is used, the passphrase is revealed and soon ends up at the attacker's C&C server.

Let me repeat it: The passphrases used to authenticate with remote systems are VERY different from the passphrases used to protect local-only private keys in a public key encryption system.

The default Pinentry for Windows is pinentry-qt it should both be accessible with descriptions and screenreader API support and it should allow you to paste in passphrases. The passphrase length is limited at 255 characters.

Pasting passphrases is not allowed for pinentry-gtk, which seems to be the default pinentry for Windows for the version I downloaded in December (which is 2.3.4, as I noted above). I recognized there is a new version 3.0.3, which I downloaded and yes, pasting is allowed there.

This limitation comes from GnuPG and is there both for Windows and Linux. Have you tested Pinentry-qt with a screenreader?

As I said, I didn't even start.

Which Pinentry are you using where you can't paste? Afaik even the GTK Pinentry allows pasting in passphrases.

It doesn't. In Gpg4win 2.3.4 it is pinentry-gtk, Version 0.9.4 - not allowing passphrases or pasting or giving a context menu or reacting to shortcuts.

BTW, using a long passphrase for public key encryption is in almost all cases useless.

I know. That's not what I do. I have a passphrase for encryption, and this is what would be the private key used for.

It would work now with Gpg4win 3.0.3 and pinentry-qt, but I am sure the problem persists in pinentry-gtk.exe

aheinecke claimed this task.

I'm seeing this as resolved. It's a design decision by the pinentry-gtk maintainer. pinentry-qt is the default pinentry for Windows and there pasting works, as you have confirmed.