From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#35716: Password security bugs in LUKS configuration during guided install Date: Tue, 14 May 2019 12:17:28 +0200 Message-ID: <87v9yd1gsn.fsf@gnu.org> References: <20190513150922.GA30339@mail.freearts.agency> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:56140) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hQUVX-0000WY-6X for bug-guix@gnu.org; Tue, 14 May 2019 06:18:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hQUVW-00072h-5c for bug-guix@gnu.org; Tue, 14 May 2019 06:18:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:33925) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hQUVW-00072O-12 for bug-guix@gnu.org; Tue, 14 May 2019 06:18:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hQUVV-0007tP-SK for bug-guix@gnu.org; Tue, 14 May 2019 06:18:01 -0400 Sender: "Debbugs-submit" Resent-To: bug-guix@gnu.org Resent-Message-ID: In-Reply-To: <20190513150922.GA30339@mail.freearts.agency> (sirmacik@wioo.waw.pl's message of "Mon, 13 May 2019 17:09:22 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: sirmacik Cc: 35716-done@debbugs.gnu.org Hi sirmacik, sirmacik skribis: > I've asked on IRC if those bugs were known but apparently no, so here > they are: > > - during guided installation with LUKS encryption one is not able to > enter password longer then length of field; Good catch! Commit ef250707d3303d58ae00fe8f461701e7fa788d8a fixes it for the passphrase, the root password, and user passwords. > - in the same field password is shown during typing (lets one see bug > above, characters typed after reaching length of field are simply > not recorded); This has been addressed recently: . Thanks for your report! Ludo=E2=80=99.