[Duplicity-talk] Password input double check?

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Password input double check?

From:	David Rigel
Subject:	[Duplicity-talk] Password input double check?
Date:	Wed, 13 Aug 2003 23:44:07 +0200

Hi

 I've searched the mail archives about this topic with no luck. However,
I guess that this must been commented before. Sorry if this is a dupe.

 When making a backup, the function get_passphrase() reads the user
password used to encrypt the file. If the environment variable
PASSPHRASE is not set, then it tries to get it from user using getpass.

 The problem is: it does not double check it! What if the user mispells
the passphrase? Then the backup is useless (unrecoverable). That's why
GPG asks twice for the passphrase. It aborts when the strings do not
match. And note that this is quite a common issue when using long
passphrases.

Thanks,

David


-- 
David Rigel <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Password input double check?, David Rigel <=
- Re: [Duplicity-talk] Password input double check?, Ben Escoto, 2003/08/14

Prev by Date: [Duplicity-talk] Version 0.4.1 released
Next by Date: [Duplicity-talk] duplicity over rsync
Previous by thread: [Duplicity-talk] Version 0.4.1 released
Next by thread: Re: [Duplicity-talk] Password input double check?
Index(es):
- Date
- Thread