[pkg-gnupg-maint] Bug#801757: Pinentry displays password while typing

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 15 20:56:52 UTC 2015

Control: tags 801757 + moreinfo unreproducible

On Wed 2015-10-14 05:14:11 -0400, Klaus Ethgen wrote:
> Package: pinentry-gtk2
> Version: 0.9.6-2

> In newest version, pinentry is displaying password when typing. (It is
> displaying the last letter but a observer can easily read the password.)

i'm not seeing this behavior at all.  I'm using pinentry-gtk2 0.9.6-2,
and libgtk2.0-0 2.24.28-1, just like you are.  The password entry field
i see is just dots, no characters.

Could you try to reproduce it simply and help me to reproduce it?

To start with, can you reproduce it from the command line, by invoking
"pinentry-gtk-2" directly, and then after it says "OK Pleased to meet
you", type "GETPIN" and hit enter.

Does the prompting still show the text for you?

> Please revert that recent change back to the secure way of just
> displaying dots.

I'm unaware of such a change, please help me track it down! :)

the main recent change is that pinentry now relies on the underlying
toolkit's password-entry widget.  is it possible that you have some
unusual settings for your gtk.Entry widgets in general when they're in
password mode?

can you try it from a new/clean user account on your machine?  can you
try it from another machine with the same version installed?

Thanks for reporting the issue!


More information about the pkg-gnupg-maint mailing list