Re: [Duplicity-talk] Password input double check?

From: Ben Escoto
Subject: Re: [Duplicity-talk] Password input double check?
Date: Wed, 13 Aug 2003 23:22:57 -0700

>>>>> "DR" == David Rigel <address@hidden>
>>>>> wrote the following on Wed, 13 Aug 2003 23:44:07 +0200

  DR> Hi, I've searched the mail archives about this topic with no
  DR> luck. However, I guess that this must have been commented on
  DR> before. Sorry if this is a dupe.

Nope, it's new to me, although maybe a no-brainer in retrospect.

  DR>  When making a backup, the function get_passphrase() reads the
  DR> user password used to encrypt the file. If the environment
  DR> variable PASSPHRASE is not set, then it tries to get it from
  DR> user using getpass.

  DR>  The problem is: it does not double check it! What if the user
  DR> misspells the passphrase? Then the backup is useless
  DR> (unrecoverable). That's why GPG asks twice for the
  DR> passphrase. It aborts when the strings do not match. And note
  DR> that this is quite a common issue when using long passphrases.

I guess I was never bothered by this because I would never type my
passphrase in.  But fixed now in CVS I think.  You can get the patch


(Apply it to your "duplicity" script if you have the packaged version
and not CVS.)

Ben Escoto
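
The double check discussed in this message, as an added example (not part of the original message, and not duplicity's own code or the CVS patch). The function name `get_passphrase_checked`, its parameters and the prompt strings are assumptions made for illustration; only the `PASSPHRASE` variable and the use of getpass come from the thread.

```python
import getpass
import os


class PassphraseMismatch(Exception):
    """Raised when the two typed passphrases never agree."""


def get_passphrase_checked(env=None, prompt=getpass.getpass, confirm=True, attempts=1):
    """Return the passphrase from PASSPHRASE, or from a confirmed prompt.

    env, prompt, confirm and attempts are hypothetical parameters of this
    example; they let the logic be exercised without a terminal.
    """
    env = os.environ if env is None else env
    # A value supplied through the environment is used as-is: there is
    # nothing to compare it against, so a typo there is not caught.
    if "PASSPHRASE" in env:
        return env["PASSPHRASE"]

    for _ in range(attempts):
        first = prompt("GnuPG passphrase: ")
        if not confirm:
            # Assumption: when decrypting, a wrong passphrase fails
            # immediately, so only the encrypting path needs the check.
            return first
        second = prompt("Retype passphrase to confirm: ")
        if first == second:
            return first
    # Abort instead of encrypting with a passphrase the user cannot
    # reproduce, which would leave the backup unrecoverable.
    raise PassphraseMismatch("passphrases did not match; backup aborted")


def scripted(answers):
    """Constructed stand-in for getpass: replays canned answers in order."""
    it = iter(answers)
    return lambda _msg: next(it)


if __name__ == "__main__":
    # Constructed input: the second entry has two letters transposed.
    try:
        get_passphrase_checked(env={}, prompt=scripted(["long phrase", "long phrsae"]))
    except PassphraseMismatch as exc:
        print("aborted:", exc)
```

With the default `attempts=1` a mismatch aborts at once, the GPG behaviour described above; a larger value re-prompts before giving up.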

