[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Password input double check?

From: David Rigel
Subject: [Duplicity-talk] Password input double check?
Date: Wed, 13 Aug 2003 23:44:07 +0200


 I've searched the mail archives about this topic with no luck. However,
I guess that this must been commented before. Sorry if this is a dupe.

 When making a backup, the function get_passphrase() reads the user
password used to encrypt the file. If the environment variable
PASSPHRASE is not set, then it tries to get it from user using getpass.

 The problem is: it does not double check it! What if the user mispells
the passphrase? Then the backup is useless (unrecoverable). That's why
GPG asks twice for the passphrase. It aborts when the strings do not
match. And note that this is quite a common issue when using long



David Rigel <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]