Bug#884788: closed by Michael Biebl (Re: Bug#884788: systemd-ask-password echos password as stars (*) while decrypting LUKS partition)
Sorry, I kinda forgot about this. Anyways, I just filled the bug report at upstream.[0] [0] https://github.com/systemd/systemd/issues/8495 -- Avinash Sonawane (rootKea) PICT, Pune https://rootkea.wordpress.com
Bug#884788: systemd-ask-password echos password as stars (*) while decrypting LUKS partition
Am 20.12.2017 um 10:41 schrieb root kea: > On Wed, Dec 20, 2017 at 4:46 AM, Michael Biebl wrote: > >> I think this is intentional behaviour, so you'll easily spot that your >> input system works > > The current implementation is that the password gets echoed to > terminal as star(*) characters by default and one needs to press TAB > or BACKSPACE key to turn off the echo. > > Now it's quite possible that there are people who want to make sure > that their input works while entering password. For them a key should > be configured (e.g. TAB or BACKSPACE) to echo the stars(*). By default > password shouldn't be echoed at all. Something like when most of the > modern GUIs make you click on button to reveal the password. By > default they print stars/dots.[0] (This is an analogy) > > There are mainly 2 reasons behind this proposal: > 1. Security by obscurity (hiding the length of pass-phrase) > 2. consistency Since I don't really agree with your reasoning, I'll leave it up to you to raise this issue upstream at https://github.com/systemd/systemd/issues if you want to see this behaviour changed. We won't ship a Debian specific patch and deviate from upstream behaviour in that regard. signature.asc Description: OpenPGP digital signature
Bug#884788: systemd-ask-password echos password as stars (*) while decrypting LUKS partition
On Wed, Dec 20, 2017 at 4:46 AM, Michael Biebl wrote: > I think this is intentional behaviour, so you'll easily spot that your > input system works The current implementation is that the password gets echoed to terminal as star(*) characters by default and one needs to press TAB or BACKSPACE key to turn off the echo. Now it's quite possible that there are people who want to make sure that their input works while entering password. For them a key should be configured (e.g. TAB or BACKSPACE) to echo the stars(*). By default password shouldn't be echoed at all. Something like when most of the modern GUIs make you click on button to reveal the password. By default they print stars/dots.[0] (This is an analogy) There are mainly 2 reasons behind this proposal: 1. Security by obscurity (hiding the length of pass-phrase) 2. consistency Now, still if we decide to make `systemd-ask-password` echo stars on screen by default (which IMHO is a very bad idea) we should, just for the sake of consistency, file bug reports against sudo, cryptsetup, login and all those debian packages which don't echo the passphrase as stars/any obscure char by default. > Basically any graphical user interface works like > this these days. No, that is incorrect. First of all `systemd-ask-password` asking a password to decrypt a partition is not a GUI. It's a CLI. Just like cryptsetup. And secondly, this is a wrong analogy. A correct analogy would be GUI -> CLI :: echoing dots by default -> echoing nothing by default :: revealing password on a user action -> echoing stars on a user action [0] https://imgur.com/a/31oWd -- Avinash Sonawane (rootKea) PICT, Pune https://rootkea.wordpress.com
Bug#884788: systemd-ask-password echos password as stars (*) while decrypting LUKS partition
Am 19.12.2017 um 19:33 schrieb Avinash Sonawane: > Package: systemd > Version: 232-25+deb9u1 > Severity: normal > > Dear Maintainer, > > I have encrypted swap and /home. When the system starts it asks password to > decrypt swap. The password doesn't get echoed at all. Totally expected > behaviour. > > But then it loads the kernel and systemd takes over. And > `systemd-ask-password` > (I think as plymouth is not installed) asks the password to decrypt /home. And > this time password gets echoed to screen as star(*) characters. > > Here is the screenshot [0]. > > I expected no echo on terminal at all. Echoing stars on screen is not at all > consistent behaviour with the traditional *Nix password handling. > > I hope you will look into the issue and will take the necessary steps to > address it. > I think this is intentional behaviour, so you'll easily spot that your input system works. Basically any graphical user interface works like this these days. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature