unable to paste passwords into seahorse passphrase windows

Bug #238954 reported by fossy on 2008-06-10
24
This bug affects 3 people
Affects Status Importance Assigned to Milestone
seahorse
Invalid
Medium
seahorse (Ubuntu)
Low
Ubuntu Desktop Bugs

Bug Description

Binary package hint: seahorse

i use a password-generator for my passwords and im not able to paste them into seahorse passphrase window. would be very nice to enable this function :)

i'm on ubuntu hardy lts x86_64

phr0ze (pcgenius) wrote :

This in many ways could encourage bad behavior and invalidate any security meant to be used.

Old_Soldier (charles.davis) wrote :

I would tend to agree with phr0ze in that this is not a bug but "as designed" and "working as intended".

Not going to invalidate this bug, though its most likey going to be marked as "won't fix" or "wishlist"

Cheers

fossy (fossy2001) wrote :

hmm.. then as an option maybe, so one can choose how it should work :)

Jens Askengren (jens-askengren) wrote :

Not beeing able to paste is a security problem, because:

If you use a password manager and use generated passwords that are impossible to remember you will have to show the password on screen to be able to enter it correctly in the seahorse password dialog.

Changed in seahorse:
status: Unknown → New
Changed in seahorse:
assignee: nobody → desktop-bugs
importance: Undecided → Low
status: New → Triaged
Changed in seahorse:
status: New → Invalid
Andreas Moog (ampelbein) wrote :

Upstream won't change the behaviour, as outlined in the paste below.

Upstream comment:

 Comment #1 from Adam Schreiber (seahorse developer, points: 19)
2008-08-28 16:47 UTC [reply]

You could store the passphrase securely in gnome-keyring. You would have to
enter it manually once and then it would be provided automatically in the
future.

Go to System -> Preferences -> Encryption and Keyrings

On the PGP Passphrases tab, select Always remember passphrases whenever logged
in and additionally if you want to be asked before it's provided check the box
next to Ask me before using a cached passphrase.

Andreas Moog (ampelbein) wrote :

Setting to Won't Fix as of upstream's comment.

Changed in seahorse:
status: Triaged → Won't Fix
Jens P (jplaunchpad) wrote :

Hi,

I just wanted to add that this behaviour is bugging me a lot as well. Using KeePassX for cross platform password db support with long random pass phrases for gpg keys is out of the question when you have to manually "copy and paste".

Even more so if you happen to use a lot of special chars and "dead keys" (accents) where you actually have to type an extra blank to make sure you don't get the wrong letter. Not to mention font problems when using chars like O vs. 0 or 1, l (small "L") and I (capital "i").

I also do not understand, why keeping a pass phrase in memory indefinitely, as suggested by upstream, is considered more secure as storing it temporarily (default: 20 sec) in clipboard memory.

For what it's worth, I will try and bring this to the "seahorse" maintainers attention.

I understand that this "bug" will not be reopened, just wanted to add my opinion.

Cheers

Jens

anyway (gosustyle87) wrote :

I think an option should be added.

Bèr Kessels (berkes) (ber) wrote :

For me, this means I either have to use rediculously simple passwords, or else store them somewhere I actually can paste them.
In other words: I am forced to insecure workflows and manners because seahorse tries to make things secure for me.

Just my $0.02, I am sure many more, like me, will either start using simple passwords, or else change to another tool.

ken (kmailuk+launchpad) wrote :

I also use very long passphrases stored in a password manager. I would like to be able to copy and paste the passphrase into Seahorse. I originally raised the issue here:
https://www.mozdev.org/bugs/show_bug.cgi?id=23015
but learned that this is the correct place to request the feature.

Is it difficult to add something so simple? If you think it is a security risk, is it possible to make this an option available to users who understand and accept the risks?

Thanks.

Changed in seahorse:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.