unable to paste passwords into seahorse passphrase windows

This in many ways could encourage bad behavior and invalidate any security meant to be used.

I would tend to agree with phr0ze in that this is not a bug but "as designed" and "working as intended".

Not going to invalidate this bug, though its most likey going to be marked as "won't fix" or "wishlist"

Cheers

hmm.. then as an option maybe, so one can choose how it should work :)

Not beeing able to paste is a security problem, because:

If you use a password manager and use generated passwords that are impossible to remember you will have to show the password on screen to be able to enter it correctly in the seahorse password dialog.

Upstream won't change the behaviour, as outlined in the paste below.

Upstream comment:

 Comment #1 from Adam Schreiber (seahorse developer, points: 19)
2008-08-28 16:47 UTC [reply]

You could store the passphrase securely in gnome-keyring. You would have to
enter it manually once and then it would be provided automatically in the
future.

Go to System -> Preferences -> Encryption and Keyrings

On the PGP Passphrases tab, select Always remember passphrases whenever logged
in and additionally if you want to be asked before it's provided check the box
next to Ask me before using a cached passphrase.

Setting to Won't Fix as of upstream's comment.

Hi,

I just wanted to add that this behaviour is bugging me a lot as well. Using KeePassX for cross platform password db support with long random pass phrases for gpg keys is out of the question when you have to manually "copy and paste".

Even more so if you happen to use a lot of special chars and "dead keys" (accents) where you actually have to type an extra blank to make sure you don't get the wrong letter. Not to mention font problems when using chars like O vs. 0 or 1, l (small "L") and I (capital "i").

I also do not understand, why keeping a pass phrase in memory indefinitely, as suggested by upstream, is considered more secure as storing it temporarily (default: 20 sec) in clipboard memory.

For what it's worth, I will try and bring this to the "seahorse" maintainers attention.

I understand that this "bug" will not be reopened, just wanted to add my opinion.

Cheers

Jens

I think an option should be added.

For me, this means I either have to use rediculously simple passwords, or else store them somewhere I actually can paste them.
In other words: I am forced to insecure workflows and manners because seahorse tries to make things secure for me.

Just my $0.02, I am sure many more, like me, will either start using simple passwords, or else change to another tool.

I also use very long passphrases stored in a password manager. I would like to be able to copy and paste the passphrase into Seahorse. I originally raised the issue here:
https://www.mozdev.org/bugs/show_bug.cgi?id=23015
but learned that this is the correct place to request the feature.

Is it difficult to add something so simple? If you think it is a security risk, is it possible to make this an option available to users who understand and accept the risks?

Thanks.