On 27 April 2014 11:34:07 BST, "Robert J. Hansen" <r...@sixdemonbag.org> wrote: >>execute arbitrary code with your credentials, you should simply >> consider your GnuPG installation compromised whether you use the >> clipboard or not. > >C&P is a time machine. > >If I enter a passphrase normally on Monday and my machine is >compromised >on a Tuesday, I can be confident my certificate is still secure because >I never entered my passphrase on a compromised machine. If I enter a >passphrase via C&P on Monday and my machine is compromised on a >Tuesday, >I suddenly have to worry: was my passphrase still in my C&P buffer? >Did >I remember to wipe the C&P buffer? Did the C&P buffer get wiped >securely? Did I...
The password manager should clear or overwrite the clipboard after a short time, which should help. Keepass includes "timed clipboard clearing" in its feature list. Of course, there is still the question of whether it does (or can*) do it securely. (*It's possible to clear the X clipboard, but I'm not sure if it remains in memory) Simon -- Sent from Kaiten Mail. Please excuse my brevity. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
