From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Lepiller Subject: bug#35540: Installer displays encrypted partition password entry in cleartext Date: Fri, 3 May 2019 11:50:24 +0200 Message-ID: <20190503115024.20787d13@sybil.lepiller.eu> References: <20190503085437.opsw5whdkzmwrbrm@pelzflorian.localdomain> <20190503113018.5be80808@scratchpost.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:42864) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hMUqM-0006ty-RF for bug-guix@gnu.org; Fri, 03 May 2019 05:51:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hMUqL-0001SY-TH for bug-guix@gnu.org; Fri, 03 May 2019 05:51:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:34221) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hMUqL-0001SL-QO for bug-guix@gnu.org; Fri, 03 May 2019 05:51:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hMUqL-0005RX-Ki for bug-guix@gnu.org; Fri, 03 May 2019 05:51:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20190503113018.5be80808@scratchpost.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Danny Milosavljevic Cc: 35540@debbugs.gnu.org Le Fri, 3 May 2019 11:30:18 +0200, Danny Milosavljevic a =C3=A9crit : > Hi, >=20 > On Fri, 3 May 2019 10:54:37 +0200 > "pelzflorian (Florian Pelz)" wrote: >=20 > > When creating an encrypted partition in Manual partitioning (maybe > > also Guided?) in the Newt installer, it asks for a password with > > which to encrypt the partition. However only the password > > confirmation password entry diplays ******* instead of the typed > > password, the password entry before displays the password in > > cleartext. =20 >=20 > Yes. What about it is a bug? It would be very bad if you had a typo > in the partition encryption password, so it's good that it's visible. >=20 > If you want, we can make the password visible in both boxes. > But we shouldn't make it invisible in both boxes. The role of the confirmation is to make sure you didn't make a typo somewhere. If it's visible from the start, you know you didn't make a typo, so the confirmation is useless, no? On android when you enter a wifi password for instance, it's invisible when you type it (replace by *) by there is a small button on the side of the text entry to allow you to see it in plaintext to check that you didn't make a mistake. Could we implement that instead? There won't be a need for a confirmation either in that case.