Re: pasting of passphrases please?

[Adam Schreiber <sadam gnome org>]

On Fri, Aug 7, 2009 at 9:47 AM, Jens Prüfer<jens pruefer gmx de> wrote:
> thank you for your efforts maintaining seahorse and offering an
> integrated pgp key and password support for gnome applications.
>
> However, after having to manually "copy and paste" my very long and very
> random pgp key passphrase from KeePassX over to seahorse again, I was
> wondering if anyone else finds this rather insecure and cumbersome and
> indeed I found
>
> https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/238954
>
> I was a bit surprised by the upstream response from Adam, actually
> suggesting that manually copying a long and complicated passphrase,
> which has to be displayed in the clear and openly on your screen for
> about a minute, is considered more secure than enabling "paste" for the
> password/passphrase entry field.

My actual response is::

Comment #1 from Adam Schreiber (seahorse developer, points: 19)
2008-08-28 16:47 UTC [reply]

You could store the passphrase securely in gnome-keyring. You would have to
enter it manually once and then it would be provided automatically in the
future.

Go to System -> Preferences -> Encryption and Keyrings

On the PGP Passphrases tab, select Always remember passphrases whenever logged
in and additionally if you want to be asked before it's provided check the box
next to Ask me before using a cached passphrase.

which says nothing about the relative security of the requested
feature or the provided solution.

> Moreover, it was suggested to use the "always remember passphrase"
> function of the gnome keyring to only have to do this once per session.
> Why is storing a key permanently in memory considered more secure than a
> 20 second storage of a passphrase in case of "cut&paste" using keepassX?

I'm not familiar with keepassX, but gnome-keyring stores your secrets,
passphrases included, in non-pagable memory when your keyring is
unlocked and in an encrypted file in your home directory with
appropriate permissions other wise.  I'm guessing that's similar to
what keepassX provides.

> Just because clipboard memory can be paged out to disk?

You might want to read a recent list post from Stef discussing
changing the secure-entry widget currently used to a secured version
of GtkEntry shipped in GTK+.

> Maybe using only non-pageable memory for the clipboard would then
> resolve the issue? I am not sure where to look for that, though. There
> seem to be many places where cut & paste is handled, starting at the
> "low level" X11 primary selections, X11 clipboard, gnome clipboard and
> some fancy clipboard applications on top of that.
>
> Besides the fact that many machines have more than enough memory to
> effectively never use the page file at all, even if they do, many people
> use encryption to prevent information from being read. RAM is the place
> I am concerned about since cold boot attacks became widely documented. I
> don't want to use the "always remember passphrase" function, I want to
> be able to copy and paste from keepass.

If you use a laptop and suspend or hibernate it, your memory is paged
to the disk.

Cheers,

Adam

> Can you please at least consider enabling pasting of passphrases by
> willing and conscious user interaction? Using a notebook in a public
> place is making me very nervous when I have to enter my pgp passphrase
> in a train for example. Beware of shoulder surfers ... they can take a
> digicam snapshot of my passphrase much faster than I can "spell" it into
> seahorse. To me this risk by far outweighs the "pageable RAM" problem
> with a timeframe of 20 sec (which can be shortened by the way).
>
> I had a quick look at seahorse-secure-entry from the libseahorse but I
> simply do not have the time to tweak that myself.
>
> Cheers
>
> Jens
>
>
> _______________________________________________
> Seahorse-list mailing list
> Seahorse-list gnome org
> http://mail.gnome.org/mailman/listinfo/seahorse-list
>