[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#35540: Installer displays encrypted partition password entry in clea

From: Ludovic Courtès
Subject: bug#35540: Installer displays encrypted partition password entry in cleartext
Date: Fri, 03 May 2019 15:50:52 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

Julien Lepiller <address@hidden> skribis:

> Le Fri, 3 May 2019 11:30:18 +0200,
> Danny Milosavljevic <address@hidden> a écrit :
>> Hi,
>> On Fri, 3 May 2019 10:54:37 +0200
>> "pelzflorian (Florian Pelz)" <address@hidden> wrote:
>> > When creating an encrypted partition in Manual partitioning (maybe
>> > also Guided?) in the Newt installer, it asks for a password with
>> > which to encrypt the partition.  However only the password
>> > confirmation password entry diplays ******* instead of the typed
>> > password, the password entry before displays the password in
>> > cleartext.  
>> Yes.  What about it is a bug?  It would be very bad if you had a typo
>> in the partition encryption password, so it's good that it's visible.
>> If you want, we can make the password visible in both boxes.
>> But we shouldn't make it invisible in both boxes.
> The role of the confirmation is to make sure you didn't make a typo
> somewhere.

But that’s a different thing.  Suppose you type a passphrase assuming
you have a Dvorak keyboard but it’s actually QWERTY.  You’ll get the
confirmation right.

Then when you boot, if for some reason you get the wrong keyboard
layout, you’re screwed.

That’s why I think that seeing what you actually type is useful.

Other options include:

  1. Hiding the passphrase, but display right above it something like:

     Keyboard layout: <layout name>

  2. Adding a checkbox to toggle password visibility.

#1 is probably not great because it doesn’t help if you don’t know
precisely the layout.

#2 would be nice; not sure how to do it, though.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]