GNU bug report logs - #35716
Password security bugs in LUKS configuration during guided install

Previous Next

Package: guix;

Reported by: sirmacik <sirmacik <at> wioo.waw.pl>

Date: Mon, 13 May 2019 15:12:02 UTC

Severity: important

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 35716-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: sirmacik <sirmacik <at> wioo.waw.pl>
Cc: 35716-done <at> debbugs.gnu.org
Subject: Re: bug#35716: Password security bugs in LUKS configuration during
 guided install
Date: Tue, 14 May 2019 12:17:28 +0200

Hi sirmacik,

sirmacik <sirmacik <at> wioo.waw.pl> skribis:

> I've asked on IRC if those bugs were known but apparently no, so here
> they are:
>
> - during guided installation with LUKS encryption one is not able to
>   enter password longer then length of field;

Good catch!

Commit ef250707d3303d58ae00fe8f461701e7fa788d8a fixes it for the
passphrase, the root password, and user passwords.

> - in the same field password is shown during typing (lets one see bug
>   above, characters typed after reaching length of field are simply
>   not recorded);

This has been addressed recently:
<https://issues.guix.info/issue/35540>.

Thanks for your report!

Ludo’.

This bug report was last modified 6 years and 67 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #35716 Password security bugs in LUKS configuration during guided install

GNU bug report logs - #35716
Password security bugs in LUKS configuration during guided install