[pkg-gnupg-maint] Bug#884517: Bug#884517: Grab option should be reverted as enabled by default

Werner Koch wk at gnupg.org
Mon Dec 18 17:13:32 UTC 2017


On Sat, 16 Dec 2017 09:34, bernat at debian.org said:

> passphrase by default. I didn't find any rationale behind this change. See:
>  https://github.com/gpg/gnupg/commit/3d78ae4d3de08398fabae5821045a3a1da6dadbe

[ Please don't reference an arbitrary repo mirror of gnupg.  Either use
  the Debian repo or upstream. ]

> I think this is a surprising change and a major security vector. It's
> easy with a "follow mouse pointer" focus mode to get one password

I don't think that this is a major security vector. In fact we even
considered creating keys by default w/o passphrase.  Most users don't
have a tightened up box and those who have that know what to do:

  * agent: Option --no-grab is now the default.  The new option --grab
    allows to revert this.

Over the years we have received so many requests to allow c+p of the
passphrase and to treat the pinentry as a normal entry field.  On most
current desktops the grabbing does not work reliably or is ineffective
due to the underlying GUI system.  GNOME and macOS use their own
passphrase manager anyway and more or less bypass the pinentry.  On
Windows it has no effect either.  Also X and the need for grabbing is
more and more replaced by Wayland or whatever thing distros like these
days.

Under the general directive to make GnuPG easier to use for the masses
we changed some of the defaults.  Those who have a need for securing
their systems need to work up a lot on their configuration anyway, and
thus adding a few options to GnuPG is just one more point on a list of
hundreds of items to care about.

Back in the days when Debian defaulted to the most secure configuration,
the grab was of course justified.  When I install a new Debian box today
I have to disable a lot of services before I can reasonably say, I did
something to secure that box.  The question is whether we want to do
something against mass surveillance or help a small group of targeted
persons to secure their machines by default.  We can't do both.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.