From: "Ludovic Courtès" <ludo@gnu.org>
To: Julien Lepiller <julien@lepiller.eu>
Cc: 35540@debbugs.gnu.org
Subject: bug#35540: Installer displays encrypted partition password entry in cleartext
Date: Fri, 03 May 2019 15:50:52 +0200 [thread overview]
Message-ID: <87tvebbq9v.fsf@gnu.org> (raw)
In-Reply-To: <20190503115024.20787d13@sybil.lepiller.eu> (Julien Lepiller's message of "Fri, 3 May 2019 11:50:24 +0200")
Julien Lepiller <julien@lepiller.eu> skribis:
> Le Fri, 3 May 2019 11:30:18 +0200,
> Danny Milosavljevic <dannym@scratchpost.org> a écrit :
>
>> Hi,
>>
>> On Fri, 3 May 2019 10:54:37 +0200
>> "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote:
>>
>> > When creating an encrypted partition in Manual partitioning (maybe
>> > also Guided?) in the Newt installer, it asks for a password with
>> > which to encrypt the partition. However only the password
>> > confirmation password entry diplays ******* instead of the typed
>> > password, the password entry before displays the password in
>> > cleartext.
>>
>> Yes. What about it is a bug? It would be very bad if you had a typo
>> in the partition encryption password, so it's good that it's visible.
>>
>> If you want, we can make the password visible in both boxes.
>> But we shouldn't make it invisible in both boxes.
>
> The role of the confirmation is to make sure you didn't make a typo
> somewhere.
But that’s a different thing. Suppose you type a passphrase assuming
you have a Dvorak keyboard but it’s actually QWERTY. You’ll get the
confirmation right.
Then when you boot, if for some reason you get the wrong keyboard
layout, you’re screwed.
That’s why I think that seeing what you actually type is useful.
Other options include:
1. Hiding the passphrase, but display right above it something like:
Keyboard layout: <layout name>
2. Adding a checkbox to toggle password visibility.
#1 is probably not great because it doesn’t help if you don’t know
precisely the layout.
#2 would be nice; not sure how to do it, though.
Ludo’.
next prev parent reply other threads:[~2019-05-03 13:52 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-03 8:54 bug#35540: Installer displays encrypted partition password entry in cleartext pelzflorian (Florian Pelz)
2019-05-03 9:30 ` Danny Milosavljevic
2019-05-03 9:50 ` Julien Lepiller
2019-05-03 13:50 ` Ludovic Courtès [this message]
2019-05-04 21:06 ` pelzflorian (Florian Pelz)
2019-05-05 11:04 ` Mathieu Othacehe
2019-05-05 14:36 ` pelzflorian (Florian Pelz)
2019-05-06 10:02 ` Ludovic Courtès
2019-05-06 12:15 ` Mathieu Othacehe
2019-05-06 13:41 ` Ludovic Courtès
2019-05-06 18:14 ` pelzflorian (Florian Pelz)
2019-05-06 19:29 ` pelzflorian (Florian Pelz)
2019-05-06 19:43 ` Ludovic Courtès
2019-05-07 8:13 ` pelzflorian (Florian Pelz)
2019-05-06 19:45 ` Ludovic Courtès
2019-05-07 7:27 ` Mathieu Othacehe
2019-05-03 10:07 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tvebbq9v.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=35540@debbugs.gnu.org \
--cc=julien@lepiller.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).