GNU bug report logs -
#35540
Installer displays encrypted partition password entry in cleartext
Previous Next
Full log
Message #17 received at 35540 <at> debbugs.gnu.org (full text, mbox):
Julien Lepiller <julien <at> lepiller.eu> skribis:
> Le Fri, 3 May 2019 11:30:18 +0200,
> Danny Milosavljevic <dannym <at> scratchpost.org> a écrit :
>
>> Hi,
>>
>> On Fri, 3 May 2019 10:54:37 +0200
>> "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> wrote:
>>
>> > When creating an encrypted partition in Manual partitioning (maybe
>> > also Guided?) in the Newt installer, it asks for a password with
>> > which to encrypt the partition. However only the password
>> > confirmation password entry diplays ******* instead of the typed
>> > password, the password entry before displays the password in
>> > cleartext.
>>
>> Yes. What about it is a bug? It would be very bad if you had a typo
>> in the partition encryption password, so it's good that it's visible.
>>
>> If you want, we can make the password visible in both boxes.
>> But we shouldn't make it invisible in both boxes.
>
> The role of the confirmation is to make sure you didn't make a typo
> somewhere.
But that’s a different thing. Suppose you type a passphrase assuming
you have a Dvorak keyboard but it’s actually QWERTY. You’ll get the
confirmation right.
Then when you boot, if for some reason you get the wrong keyboard
layout, you’re screwed.
That’s why I think that seeing what you actually type is useful.
Other options include:
1. Hiding the passphrase, but display right above it something like:
Keyboard layout: <layout name>
2. Adding a checkbox to toggle password visibility.
#1 is probably not great because it doesn’t help if you don’t know
precisely the layout.
#2 would be nice; not sure how to do it, though.
Ludo’.
This bug report was last modified 6 years and 72 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.