[pkg-gnupg-maint] Bug#840687: Bug#840687: gnupg: Fails to sign git commits
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Oct 14 18:38:13 UTC 2016
Control: forwarded 840687 https://bugs.gnupg.org/gnupg/issue2758
Control: retitle 840687 gpg does not cope well with long passphrases
On Fri 2016-10-14 03:29:34 -0400, Josef Vítů wrote:
> thanks for your prompt reply. The test setup worked just fine, but
> after debugging gpg-agent as you suggested (with a higher debug-level,
> though) I know where the problem is. Attaching the log is pointless I
> think, as the critical line is clearly here:
>
> DBG: chan_10 -> SETERROR Passphrase too long (try 2 of 3)
>
> Looks like pinentry cannot handle passwords longer than 255 ASCII
> characters (at least in my case), and there's even an abandoned bug
> report about that, so maybe I should move there?
>
> https://bugs.gnupg.org/gnupg/issue1592
ah yes, sounds like you've found the issue. I'm retitling this bug
report, because gpg should at least tell you that it doesn't like the
length of your passphrases, rather than leaving it to fail mysteriously.
there's also:
https://bugs.gnupg.org/gnupg/issue2038
I've also just done some additional experimentation with ultra-long
passphrases and the result is this additional upstream bug report:
https://bugs.gnupg.org/gnupg/issue2758
fwiw, i don't think you should need more than 128 characters or so for a
really strong passphrase (plain english is about 1 bit of entropy per
character, and passphrases longer than 128 bits of entropy are probably
pointless), and gpg's limits are supposed to be ~256 characters.
But still, gpg should make those limits much more clear to the user.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161014/b7e0d99d/attachment.sig>
More information about the pkg-gnupg-maint
mailing list