Re: strawman [was: LUKS password gets printed as stars]

2017-12-23 Thread Brian
On Sat 23 Dec 2017 at 18:43:38 +0100, to...@tuxteam.de wrote:

> On Sat, Dec 23, 2017 at 03:14:25PM +, Curt wrote:
> > On 2017-12-23, Hans  wrote:
> 
> [...]
> 
> > > And I suppose, guessing 15 digits will cause a loong time [...]
> 
> > (Assuming all 95 printable ascii characters) link to % time savings:
> 
> [...]
> 
> >  An interesting mathematical quirk about this ratio of the number of passwords
> >  shorter than n [...]
> 
> It's interesting how threads among us geeks can be totally derailed
> by a simple strawman (i.e. no-stars >= stars "because of security"),
> while the OP's motivation was rather "familiarity" (at least (s)he
> didn't say anything about security), which in itself is legitimate
> enough.
> 
> And watch this thread wander off to the woods on whether no-stars
> is more secure than stars, and whether significantly so.
> 
> Fascinating :-)

Motivation is in

 
http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2017-December/016347.html

  There are mainly 2 reasons behind this proposal:
  1. Security by obscurity (hiding the length of pass-phrase)
  2. consistency

-- 
Brian.



strawman [was: LUKS password gets printed as stars]

2017-12-23 Thread tomas

On Sat, Dec 23, 2017 at 03:14:25PM +, Curt wrote:
> On 2017-12-23, Hans  wrote:

[...]

> > And I suppose, guessing 15 digits will cause a loong time [...]

> (Assuming all 95 printable ascii characters) link to % time savings:

[...]

>  An interesting mathematical quirk about this ratio of the number of passwords
>  shorter than n [...]

It's interesting how threads among us geeks can be totally derailed
by a simple strawman (i.e. no-stars >= stars "because of security"),
while the OP's motivation was rather "familiarity" (at least (s)he
didn't say anything about security), which in itself is legitimate
enough.

And watch this thread wander off to the woods on whether no-stars
is more secure than stars, and whether significantly so.

Fascinating :-)

Cheers
-- t



Re: LUKS password gets printed as stars

2017-12-23 Thread Curt
On 2017-12-23, Hans  wrote:
>
> But 1 percent longer for each added digit sounds not much. However, when it 
> comes to more digits, let's say 16 (WPA2 often uses 16 digits with only 
> letters and numbers), then the time to crack will increase rapidly.
>
> If I understood you correctly, and please correct me if I am wrong, this is 1 
> percent of the time for trying all combinations with one fewer digit.
>
> And I suppose, guessing 15 digits will cause a loong time, and 1 percent 
> of this long time plus another much more looong time will result in a 
> very looong time. So, the more unnecessary digits, the better.

(Assuming all 95 printable ascii characters) link to % time savings:
 
http://www.wolframalpha.com/input/?i=%28sum%20from%20n%3D1%20to%20n%3D16%20of%2095%5En%20%29%20%2F%2095%5E17==Submit

Quote:

 An interesting mathematical quirk about this ratio of the number of passwords
 shorter than n, over the number of passwords of length n, is that it doesn't
 really depend on n. This is because we're already very close to the asymptote
 of 1/95 = 0.0105. So an attacker gets the same relative, or percentage, time
 savings from this trick regardless of the length of your password; it's always
 between 1% - 2%. Though, of course, the absolute time that it takes grows
 orders of magnitude with each new character that you add.

https://security.stackexchange.com/questions/92233/how-critical-is-it-to-keep-your-password-length-secret


-- 
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell



Re: LUKS password gets printed as stars

2017-12-23 Thread Hans
Am Samstag, 23. Dezember 2017, 13:57:59 CET schrieb Anders Andersson:
Hi Anders, 

this is an interesting point you showed. I suppose 10 digits will mostly 
be used by people, maybe less.

But 1 percent longer for each added digit sounds not much. However, when it 
comes to more digits, let's say 16 (WPA2 often uses 16 digits with only 
letters and numbers), then the time to crack will increase rapidly.

If I understood you correctly, and please correct me if I am wrong, this is 1 
percent of the time for trying all combinations with one fewer digit.

And I suppose, guessing 15 digits will cause a loong time, and 1 percent 
of this long time plus another much more looong time will result in a 
very looong time. So, the more unnecessary digits, the better.

Anders, is there an error in my thoughts?

For all people reading this: however, going back to the original theme: IMO 
showing stars for the password is worse (although typing could be heard and 
finger moves can be counted) than not showing them. I remember in kdm or other 
login managers it could be chosen whether there is 1 star/letter, 3 stars/letter 
or none. 

Maybe this option should be added, so any operator can decide (after encoding 
the drives) which option he prefers: 1, 3 or none.

Have a happy Christmas

Best 

Hans

> No. I've been facepalming myself through this thread but I can't
> really keep my mouth shut anymore.
> 
> All this is very misguided. Knowing the length of your password means
> that it takes about 1-2% less time to brute-force it, no matter how
> many characters you use.
> 
> This is because every extra character multiplies the difficulty by
> about 50-100 depending on what type of characters you pick from.
> 
> Let's say you use a 10 letter password, from a pool of 100 characters
> for each letter and someone is brute-forcing it. If they *know* that
> you have 10 letters in your password, they will have to try on average
> 100^10/2 = 5000 times before they find the right
> password.
> 
> Now, what happens if they *don't* know? They will have to start
> testing all possible 1-letter passwords, then 2-letter, 3-letter etc:
> (100^1 + 100^2 + 100^3...)/2 = 50505050505050505050. Wow, to
> brute-force without knowing the number requires 1.01% more calculations.




Re: LUKS password gets printed as stars

2017-12-23 Thread Anders Andersson
On Fri, Dec 22, 2017 at 10:25 PM, Richard Hector  wrote:
> On 21/12/17 22:16, Curt wrote:
>> On 2017-12-20, Richard Hector  wrote:
>>>
>>> On 21/12/17 02:02, Curt wrote:
>>>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
>>>> as "security by obscurity"
>>>
>>> I think most people accept that obscurity is quite reasonable for
>>> passwords ...
>>>
>>> Richard
>>>
>>
>> Wonderful, Dick, however, I was referring to the specific expression
>> "security by (or through) obscurity," which denotes something else.
>>
>> https://en.wikipedia.org/wiki/Security_through_obscurity
>
> I'm aware of that concept. But making it harder to see the length of the
> password makes it harder to guess the password, no? Which has got to be
> good?

No. I've been facepalming myself through this thread but I can't
really keep my mouth shut anymore.

All this is very misguided. Knowing the length of your password means
that it takes about 1-2% less time to brute-force it, no matter how
many characters you use.

This is because every extra character multiplies the difficulty by
about 50-100 depending on what type of characters you pick from.

Let's say you use a 10 letter password, from a pool of 100 characters
for each letter and someone is brute-forcing it. If they *know* that
you have 10 letters in your password, they will have to try on average
100^10/2 = 5000 times before they find the right
password.

Now, what happens if they *don't* know? They will have to start
testing all possible 1-letter passwords, then 2-letter, 3-letter etc:
(100^1 + 100^2 + 100^3...)/2 = 50505050505050505050. Wow, to
brute-force without knowing the number requires 1.01% more calculations.
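A worked check of the brute-force arithmetic in the post above, and of the 95-character ratio Curt links earlier in the thread, as an added Python example that is not part of the original discussion. The alphabet sizes (100 and 95) and the "half the keyspace on average" assumption are the posters'; exact rational arithmetic is used so the 20-digit figures are not rounded.

```python
from fractions import Fraction


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def expected_tries_known_length(alphabet_size: int, length: int) -> Fraction:
    """Average guesses when the attacker knows the exact length: half the keyspace."""
    return Fraction(keyspace(alphabet_size, length), 2)


def expected_tries_unknown_length(alphabet_size: int, max_length: int) -> Fraction:
    """Average guesses when the length is hidden and the attacker sweeps lengths
    1..max_length in order (the password has max_length characters): half of the
    cumulative keyspace of all lengths up to and including the true one."""
    total = sum(keyspace(alphabet_size, k) for k in range(1, max_length + 1))
    return Fraction(total, 2)


def relative_overhead(alphabet_size: int, length: int) -> Fraction:
    """Extra work, as a fraction of the known-length work, when the length is hidden.
    This is exactly (sum of all shorter keyspaces) / (keyspace of the true length)."""
    known = expected_tries_known_length(alphabet_size, length)
    unknown = expected_tries_unknown_length(alphabet_size, length)
    return (unknown - known) / known


def overhead_asymptote(alphabet_size: int) -> Fraction:
    """Limit of relative_overhead as the length grows.
    The shorter keyspaces form a geometric series N + N^2 + ... + N^(n-1)
    = (N^n - N) / (N - 1), so dividing by N^n tends to 1 / (N - 1)."""
    return Fraction(1, alphabet_size - 1)


def overhead_table(alphabet_size: int, lengths) -> list:
    """(length, overhead as float) pairs; shows the ratio barely depends on length."""
    return [(n, float(relative_overhead(alphabet_size, n))) for n in lengths]


if __name__ == "__main__":
    # Anders' example: 10 characters from a pool of 100.
    print("known length:  ", expected_tries_known_length(100, 10))
    print("unknown length:", expected_tries_unknown_length(100, 10))
    print("overhead:      ", float(relative_overhead(100, 10)))
    # Curt's link: all 95 printable ASCII characters, lengths 8..20.
    for n, overhead in overhead_table(95, range(8, 21)):
        print(f"N=95, length {n:2d}: hidden length costs the attacker {overhead:.4%} more")
    print("asymptote 1/(N-1) for N=95:", float(overhead_asymptote(95)))
```

Whatever the length, the hidden-length overhead stays a hair under 1/(N-1) (about 1.01% for N=100, about 1.06% for N=95), while each extra character multiplies the absolute work by N.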



Re: LUKS password gets printed as stars

2017-12-22 Thread Brian
On Sat 23 Dec 2017 at 10:25:10 +1300, Richard Hector wrote:

> On 21/12/17 22:16, Curt wrote:
> > On 2017-12-20, Richard Hector  wrote:
> >>
> >> On 21/12/17 02:02, Curt wrote:
> >>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
> >>> as "security by obscurity"
> >>
> >> I think most people accept that obscurity is quite reasonable for
> >> passwords ...
> >>
> >> Richard
> >>
> > 
> > Wonderful, Dick, however, I was referring to the specific expression
> > "security by (or through) obscurity," which denotes something else.
> > 
> > https://en.wikipedia.org/wiki/Security_through_obscurity
> 
> I'm aware of that concept. But making it harder to see the length of the
> password makes it harder to guess the password, no? Which has got to be
> good?

Definitely. Knowing the password is twenty characters reduces the time
taken to guess it from ten billion years to an estimated five million
years.

-- 
Brian.



Re: LUKS password gets printed as stars

2017-12-22 Thread Richard Hector
On 21/12/17 22:16, Curt wrote:
> On 2017-12-20, Richard Hector  wrote:
>>
>> On 21/12/17 02:02, Curt wrote:
>>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
>>> as "security by obscurity"
>>
>> I think most people accept that obscurity is quite reasonable for
>> passwords ...
>>
>> Richard
>>
> 
> Wonderful, Dick, however, I was referring to the specific expression
> "security by (or through) obscurity," which denotes something else.
> 
> https://en.wikipedia.org/wiki/Security_through_obscurity

I'm aware of that concept. But making it harder to see the length of the
password makes it harder to guess the password, no? Which has got to be
good?

On 21/12/17 23:57, Curt wrote:
>>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
>>> as "security by obscurity [...]
>> I'm certain. It doesn't.
> Here too.

And you seem to agree.

Richard ((almost) always Richard, and never Dick)





Re: LUKS password gets printed as stars

2017-12-21 Thread Curt
On 2017-12-21,   wrote:
>
> On Wed, Dec 20, 2017 at 01:02:51PM +, Curt wrote:
>
> [...]
>
>> Now we want to change the default. Give them the moon, and they want the
>> stars, too!
>
> Who is "them"? "Not us"?
>
> Perhaps you're trying to construe a conflict where, actually there
> isn't one.
>
> Now if I were in charge of systemd-ask-password, I'd be willing to
> incorporate suppression of the stars as a user-configurable option,
> but I'd be firmly against changing the default.
>
> YMMV.
  
We are in severe agreement.

>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
>> as "security by obscurity [...]
>
> I'm certain. It doesn't.

Here too.

> Cheers
> -- t
>
>





Re: LUKS password gets printed as stars

2017-12-21 Thread tomas

On Wed, Dec 20, 2017 at 01:02:51PM +, Curt wrote:

[...]

> Now we want to change the default. Give them the moon, and they want the
> stars, too!

Who is "them"? "Not us"?

Perhaps you're trying to construe a conflict where, actually there
isn't one.

Now if I were in charge of systemd-ask-password, I'd be willing to
incorporate suppression of the stars as a user-configurable option,
but I'd be firmly against changing the default.

YMMV.
 
> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
> as "security by obscurity [...]

I'm certain. It doesn't.

Cheers
-- t



Re: LUKS password gets printed as stars

2017-12-21 Thread Curt
On 2017-12-20, Richard Hector  wrote:
>
> On 21/12/17 02:02, Curt wrote:
>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
>> as "security by obscurity"
>
> I think most people accept that obscurity is quite reasonable for
> passwords ...
>
> Richard
>

Wonderful, Dick, however, I was referring to the specific expression
"security by (or through) obscurity," which denotes something else.

https://en.wikipedia.org/wiki/Security_through_obscurity





Re: LUKS password gets printed as stars

2017-12-20 Thread Richard Hector
On 21/12/17 02:02, Curt wrote:
> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
> as "security by obscurity"

I think most people accept that obscurity is quite reasonable for
passwords ...

Richard






Re: LUKS password gets printed as stars

2017-12-20 Thread Curt
On 2017-12-20, root kea  wrote:
> On Wed, Dec 20, 2017 at 3:18 AM, Jonathan Dowland  wrote:
>> On Wed, Dec 20, 2017 at 12:15:36AM +0530, root kea wrote:
>
>>> And I just filed a bug report [0]. If anybody is interested they can
>>> follow the discussion there.
>>>
>>> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788
>>
>>
>> In this case I think you would have much more luck in at least getting
>> a discussion of the various merits of each approach, if not a change of
>> behaviour, by posting to the systemd-devel mailing list[1]
>
> Thanks for the suggestion! I just posted about "`systemd-ask-password`
> echoing stars(*) by default" on systemd-devel ML. [0]
>
> I genuinely hope that they change this default behavior.

I thought we wanted it to be configurable because it is currently not
configurable (through ordinary command-line means, short of
recompilation). Don Armstrong explained the rationale behind making
echoed "stars" the default and opining that a bug report with patch
would be welcome.

Now we want to change the default. Give them the moon, and they want the
stars, too!

Also, I'm uncertain whether suppression of the asterisk-echo qualifies
as "security by obscurity" (actually, that expression is almost
exclusively pejorative in my experience) as you claim in exposing your
reasoning in the article linked below.

> [0] https://lists.freedesktop.org/archives/systemd-devel/2017-December/040023.html





Re: LUKS password gets printed as stars

2017-12-20 Thread tomas

On Wed, Dec 20, 2017 at 10:54:25AM +, Curt wrote:
> On 2017-12-20,   wrote:
> >
> > On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
> >> On Wed, 20 Dec 2017, root kea wrote:
> >> > I want *default* password agent to be consistent with traditional *Nix
> >> > password handling. And that is echoing NOTHING at all.

[...]

> > Yes, the good ol' click-to-focus culture war, I know ;-P
> 
> 
> I wonder if the suppression of the echoed asterisks on the screen
> obviates the scenario of the malevolent bystander counting the number of
> characters in the OP's password. 
> 
> Perhaps his keystrokes make no noise because he has made some provision
> to suppress the telltale auditory signals emitted by his keyboard, but
> I'm assuming our malevolent bystander (with his back, cleverly, to the
> OP's terminal) has his smartphone recording clicks.
> 
> But then again in the end the OP invokes "tradition," so all bets are
> effectively off. I suppose he could argue that at least one attack
> vector has been eliminated once he stops seeing stars, although the
> real-world utility of knowing the length of a high-entropy password
> requires demonstration.

I think the most important thing here is "give the user the possibility
to use the software as (s)he pleases" vs. "we know better than you: suck
it up". Granted, I'm biased here.

"Just tradition" is perhaps another way to frame this conflict, may
be with the other bias :-)

Cheers
-- tomás



Re: LUKS password gets printed as stars

2017-12-20 Thread root kea
On Wed, Dec 20, 2017 at 3:18 AM, Jonathan Dowland  wrote:
> On Wed, Dec 20, 2017 at 12:15:36AM +0530, root kea wrote:

>> And I just filed a bug report [0]. If anybody is interested they can
>> follow the discussion there.
>>
>> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788
>
>
> In this case I think you would have much more luck in at least getting
> a discussion of the various merits of each approach, if not a change of
> behaviour, by posting to the systemd-devel mailing list[1]

Thanks for the suggestion! I just posted about "`systemd-ask-password`
echoing stars(*) by default" on systemd-devel ML. [0]

I genuinely hope that they change this default behavior.

[0] https://lists.freedesktop.org/archives/systemd-devel/2017-December/040023.html
-- 
Avinash Sonawane (rootKea)
PICT, Pune
https://rootkea.wordpress.com



Re: LUKS password gets printed as stars

2017-12-20 Thread Curt
On 2017-12-20,   wrote:
>
> On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
>> On Wed, 20 Dec 2017, root kea wrote:
>> > I want *default* password agent to be consistent with traditional *Nix
>> > password handling. And that is echoing NOTHING at all.
>> 
>> You can just recompile systemd-ask-password and set ASK_PASSWORD_SILENT
>> true. This probably should be a command-line option, though. I suspect
>> that a bug report with a patch will be well received.
>
> This was what we were missing, thanks Dan.
>
> [...]
>
>> The default is this way because it's less surprising to users who aren't
>> used to this style of password prompt. I personally prefer the other way
>> around, but that's because I already know what is going on and can
>> change it if I care.
>
> Yes, the good ol' click-to-focus culture war, I know ;-P


I wonder if the suppression of the echoed asterisks on the screen
obviates the scenario of the malevolent bystander counting the number of
characters in the OP's password. 

Perhaps his keystrokes make no noise because he has made some provision
to suppress the telltale auditory signals emitted by his keyboard, but
I'm assuming our malevolent bystander (with his back, cleverly, to the
OP's terminal) has his smartphone recording clicks.

But then again in the end the OP invokes "tradition," so all bets are
effectively off. I suppose he could argue that at least one attack
vector has been eliminated once he stops seeing stars, although the
real-world utility of knowing the length of a high-entropy password
requires demonstration.

> Thanks for the insight!
>
> Cheers
> -- t
>
>





Re: LUKS password gets printed as stars

2017-12-19 Thread tomas

On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
> On Wed, 20 Dec 2017, root kea wrote:
> > I want *default* password agent to be consistent with traditional *Nix
> > password handling. And that is echoing NOTHING at all.
> 
> You can just recompile systemd-ask-password and set ASK_PASSWORD_SILENT
> true. This probably should be a command-line option, though. I suspect
> that a bug report with a patch will be well received.

This was what we were missing, thanks Dan.

[...]

> The default is this way because it's less surprising to users who aren't
> used to this style of password prompt. I personally prefer the other way
> around, but that's because I already know what is going on and can
> change it if I care.

Yes, the good ol' click-to-focus culture war, I know ;-P

Thanks for the insight!

Cheers
-- t



Re: LUKS password gets printed as stars

2017-12-19 Thread Don Armstrong
On Wed, 20 Dec 2017, root kea wrote:
> I want *default* password agent to be consistent with traditional *Nix
> password handling. And that is echoing NOTHING at all.

You can just recompile systemd-ask-password and set ASK_PASSWORD_SILENT
true. This probably should be a command-line option, though. I suspect
that a bug report with a patch will be well received.

> I am amazed that at times I had to defend not wanting stars(*) getting
> echoed on terminal on *Linux* box. That should have been the other way
> around. That is, the onus to defend should be on the one who wants
> stars(*) being echoed on Terminal.

The default is this way because it's less surprising to users who aren't
used to this style of password prompt. I personally prefer the other way
around, but that's because I already know what is going on and can
change it if I care.

-- 
Don Armstrong  https://www.donarmstrong.com

Whatever you do will be insignificant, but it is very important that
you do it.
 -- Mohandas Karamchand Gandhi



Re: LUKS password gets printed as stars

2017-12-19 Thread Jonathan Dowland

On Wed, Dec 20, 2017 at 12:15:36AM +0530, root kea wrote:
> I am amazed that at times I had to defend not wanting stars(*) getting
> echoed on terminal on *Linux* box. That should have been the other way
> around. That is, the onus to defend should be on the one who wants
> stars(*) being echoed on Terminal.

I suspect the whole thing has been discussed a long time and in great
depth somewhere else.

> And I just filed a bug report [0]. If anybody is interested they can
> follow the discussion there.
>
> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788

In this case I think you would have much more luck in at least getting
a discussion of the various merits of each approach, if not a change of
behaviour, by posting to the systemd-devel mailing list[1]

[1] https://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.



Re: LUKS password gets printed as stars

2017-12-19 Thread tomas

On Wed, Dec 20, 2017 at 12:15:36AM +0530, root kea wrote:
> On Tue, Dec 19, 2017 at 11:58 PM,   wrote:
> 
> > So you might try to write your own agent, or file a wishlist
> > bug.
> 
> I want *default* password agent to be consistent with traditional *Nix
> password handling. And that is echoing NOTHING at all.
> 
> I am amazed that at times I had to defend not wanting stars(*) getting
> echoed on terminal on *Linux* box. That should have been the other way
> around. That is, the onus to defend should be on the one who wants
> stars(*) being echoed on Terminal.

That's the main reason I avoid systemd: there are quite a few good ideas
in there, and the folks making it are pretty good, but generally pretty
opinionated too. But who knows, perhaps you can persuade them. Or...
we might have overlooked something.

> Anyways, thank you for helping me out! I learned a thing or two thanks to you!
> 
> And I just filed a bug report [0]. If anybody is interested they can
> follow the discussion there.
> 
> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788

Thanks for that, and eager to learn how this unfolds.

Cheers
-- t



Re: LUKS password gets printed as stars

2017-12-19 Thread root kea
On Tue, Dec 19, 2017 at 11:58 PM,   wrote:

> So you might try to write your own agent, or file a wishlist
> bug.

I want *default* password agent to be consistent with traditional *Nix
password handling. And that is echoing NOTHING at all.

I am amazed that at times I had to defend not wanting stars(*) getting
echoed on terminal on *Linux* box. That should have been the other way
around. That is, the onus to defend should be on the one who wants
stars(*) being echoed on Terminal.

Anyways, thank you for helping me out! I learned a thing or two thanks to you!

And I just filed a bug report [0]. If anybody is interested they can
follow the discussion there.

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788

Regards,
Avinash Sonawane (rootKea)
PICT, Pune
https://rootkea.wordpress.com



Re: LUKS password gets printed as stars

2017-12-19 Thread tomas

On Tue, Dec 19, 2017 at 11:04:38PM +0530, root kea wrote:

[...]

> Thanks for the apt-file tip. I was hoping to find systemd-ask-password
> command execution in this file so that I could omit `--echo` switch
> (I'm thinking it's there as user input is echoed by default).
> 
> But instead systemd-tty-ask-password-agent [0] gets executed from that
> file which doesn't accept `--echo` as a flag. Here is the full
> contents of systemd-ask-password-console.service file [1]

Seems you are out of luck. Using the wonderful Debian code search:

  
https://sources.debian.org/src/systemd/236-1/src/shared/ask-password-api.c/?hl=386#L380

it seems the password entry routine either prints each of the
password's characters in clear () when the ASK_PASSWORD_ECHO
is set, or it prints a star "*" otherwise.

So you might try to write your own agent, or file a wishlist
bug.

But perhaps I'm overlooking something. After all, I'm the absolutely
wrong person to answer questions about systemd...

Cheers
-- tomás



Re: LUKS password gets printed as stars

2017-12-19 Thread root kea
On Tue, Dec 19, 2017 at 1:58 AM,   wrote:
>
> On Tue, Dec 19, 2017 at 12:42:57AM +0530, root kea wrote:

>> Now I just need to find out from where this `systemd-ask-password` is
>> executed and then edit its command by omitting the `--echo` flag
>> thereby turning off the echo by default. (A sane default!)
>>
>> Though I'm searching for the `systemd-ask-password` command location;
>> any further help would be really appreciated!

> in the whereabouts of 
> /lib/systemd/system/systemd-ask-password-console.service.

Thanks for the apt-file tip. I was hoping to find systemd-ask-password
command execution in this file so that I could omit `--echo` switch
(I'm thinking it's there as user input is echoed by default).

But instead systemd-tty-ask-password-agent [0] gets executed from that
file which doesn't accept `--echo` as a flag. Here is the full
contents of systemd-ask-password-console.service file [1]

> Note that the usual way of customizing that is not by changing the
> service file in /lib/systemd/... but to put a new service file somewhere
> in /etc (/etc/systemd?) overriding it.

I can read up more on that and can create a new file but now not so
sure what to put there.

[0] https://www.freedesktop.org/software/systemd/man/systemd-tty-ask-password-agent.html
[1] https://pastebin.com/bSUPTqGt
-- 
Avinash Sonawane (rootKea)
PICT, Pune
https://rootkea.wordpress.com



Re: LUKS password gets printed as stars

2017-12-18 Thread Dan Purgert

Ben Caradoc-Davies wrote:
> On 19/12/17 02:41, Roberto C. Sánchez wrote:
>> Whether stars are echoed or nothing is echoed, the passphrase remains
>> concealed.
>
> Not true if the passphrase is "**".
Wait, how'd you know my pass is "hunter2017"!?



-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281



Re: LUKS password gets printed as stars

2017-12-18 Thread Ben Caradoc-Davies

On 19/12/17 02:41, Roberto C. Sánchez wrote:
> On Mon, Dec 18, 2017 at 06:41:00PM +0530, root kea wrote:
>> I am using LUKS on LVM on Debian Stretch. I have encrypted /home and
>> swap partition. When initram gets loaded it asks for password to
>> decrypt swap partition. That password doesn't get printed to screen.
>> No stars. Nothing.
>> But after that the kernel gets loaded (I think) and it asks password for
>> /home which gets printed as stars. I'm really worried about this. Here
>> is a screenshot https://imgur.com/bC4AF6H
>> How do I prevent those stars from getting printed on the screen?
>
> Whether stars are echoed or nothing is echoed, the passphrase remains
> concealed.

Not true if the passphrase is "**".

Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand



Re: LUKS password gets printed as stars

2017-12-18 Thread Ben Caradoc-Davies

On 19/12/17 02:11, root kea wrote:
> I am using LUKS on LVM on Debian Stretch. I have encrypted /home and
> swap partition. When initram gets loaded it asks for password to
> decrypt swap partition. That password doesn't get printed to screen.
> No stars. Nothing.
> But after that the kernel gets loaded (I think) and it asks password for
> /home which gets printed as stars. I'm really worried about this. Here
> is a screenshot https://imgur.com/bC4AF6H
> How do I prevent those stars from getting printed on the screen?

I did not see any stars in your screenshot. I saw the passphrase plain 
text "hunter2".


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand



Re: LUKS password gets printed as stars

2017-12-18 Thread deloptes
to...@tuxteam.de wrote:

> 
> On Tue, Dec 19, 2017 at 12:42:57AM +0530, root kea wrote:
>> I don't know why but this email didn't get delivered to my mailbox
>> even though I'm in the "To" field. I couldn't even find this email in
>> spam. Thankfully, I decided to check debian-users archives and found
>> this mail there!
> 
> Strange. OK, my mail server hasn't yet SPF or DKIM, which might raise
> the mail's spam score, but just silently dropping the mail seems
> pretty uncivilised (but hey, it's Google, so...)
> 
> Perhaps now that you mailed me, gmail is a bit friendlier.
> 

Many times on other lists hosted by gmane, mails are delayed/rejected by the
recipient's mail server (google), in which case an appropriate message is
returned to the mailer (gmane), who in turn for obvious reasons suppresses
it.
I often get a mail later saying that mails addressed to me were held back.

So I too am reading primarily gmane in a client, and the mails sent to my
mailbox are just for the record :)

regards



Re: LUKS password gets printed as stars

2017-12-18 Thread tomas

On Tue, Dec 19, 2017 at 12:42:57AM +0530, root kea wrote:
> I don't know why but this email didn't get delivered to my mailbox
> even though I'm in the "To" field. I couldn't even find this email in
> spam. Thankfully, I decided to check debian-users archives and found
> this mail there!

Strange. OK, my mail server hasn't yet SPF or DKIM, which might raise
the mail's spam score, but just silently dropping the mail seems
pretty uncivilised (but hey, it's Google, so...)

Perhaps now that you mailed me, gmail is a bit friendlier.

> As I have copy-pasted the mail by hand, please excuse the poor formatting.

No problem, formatting is fine.

> > On 12/18/17, to...@tuxteam.de  wrote:

[...]

> > My crystal ball says you're using systemd [...]

> OMG! You are absolutely right! I went through the links you provided
> and ended up on systemd-ask-password [0]. As its manpage says, I tried
> pressing TAB and voila! echo is turned off! Here is the screenshot
> with echo off [1]

Glad we found it :-)

> BTW, pressing backspace as a very first char worked too (as mentioned
> in the same manpage).
> 
> Now I just need to find out from where this `systemd-ask-password` is
> executed and then edit its command by omitting the `--echo` flag
> thereby turning off the echo by default. (A sane default!)
> 
> Though I'm searching for the `systemd-ask-password` command location;
> any further help would be really appreciated!

Install apt-file: very recommended. It lets you search for Debian
packages containing a file (by file name, even when the package
isn't installed):

 | tomas@trotzki:~$ apt-file search systemd-ask-password
 | manpages-de: /usr/share/man/de/man8/systemd-ask-password-console.service.8.gz
 | manpages-zh: /usr/share/man/zh_CN/man1/systemd-ask-password.1.gz
 | manpages-zh: /usr/share/man/zh_TW/man1/systemd-ask-password.1.gz
 | plymouth: /lib/systemd/system/systemd-ask-password-plymouth.path
 | plymouth: /lib/systemd/system/systemd-ask-password-plymouth.service
 | systemd: /bin/systemd-ask-password
 | systemd: /lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
 | systemd: /lib/systemd/system/sysinit.target.wants/systemd-ask-password-console.path
 | systemd: /lib/systemd/system/systemd-ask-password-console.path
 | systemd: /lib/systemd/system/systemd-ask-password-console.service
 | systemd: /lib/systemd/system/systemd-ask-password-wall.path
 | systemd: /lib/systemd/system/systemd-ask-password-wall.service
 | systemd: /usr/share/man/man1/systemd-ask-password.1.gz
 | systemd: /usr/share/man/man8/systemd-ask-password-console.path.8.gz
 | systemd: /usr/share/man/man8/systemd-ask-password-console.service.8.gz
 | systemd: /usr/share/man/man8/systemd-ask-password-wall.path.8.gz
 | systemd: /usr/share/man/man8/systemd-ask-password-wall.service.8.gz

so now we know systemd-ask-password lives in /bin and comes with package
systemd. But I guess you are looking for its config file, perhaps something
in the whereabouts of /lib/systemd/system/systemd-ask-password-console.service.

Note that the usual way of customizing that is not by changing the
service file in /lib/systemd/... but to put a new service file somewhere
in /etc (/etc/systemd?) overriding it. My wisdom there is pretty
sparse, perhaps some systemd buff can chime in here.

Cheers
-- tomás



Re: LUKS password gets printed as stars

2017-12-18 Thread root kea
I don't know why but this email didn't get delivered to my mailbox
even though I'm in the "To" field. I couldn't even find this email in
spam. Thankfully, I decided to check the debian-users archives and found
this mail there!

As I have copy-pasted the mail by hand, please excuse the poor formatting.

> On 12/18/17, to...@tuxteam.de  wrote:
>> On Mon, Dec 18, 2017 at 06:41:00PM +0530, root kea wrote:

>> is a screenshot https://imgur.com/bC4AF6H

> My crystal ball says you're using systemd. It seems that it has a
> special "unit" to mount encrypted file systems [1], which may call
> into one of several password agents [2]. If this hunch is correct,
> you may start with [2], find out which agent you are talking to
> and perhaps reconfigure it in the way you like.

OMG! You are absolutely right! I went through the links you provided
and ended up on systemd-ask-password [0]. As its manpage says, I tried
pressing TAB and voila! echo is turned off! Here is the screenshot
with echo off [1]

BTW, pressing backspace as a very first char worked too (as mentioned
in the same manpage).

Now I just need to find out from where this `systemd-ask-password` is
executed and then edit its command by omitting the `--echo` flag
thereby turning off the echo by default. (A sane default!)

Though I'm searching for the `systemd-ask-password` command location;
any further help would be really appreciated!

Thanks!

[0] https://www.freedesktop.org/software/systemd/man/systemd-ask-password.html
[1] https://imgur.com/u4nw6Lb
-- 
Avinash Sonawane (rootKea)
PICT, Pune
https://rootkea.wordpress.com
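To make the keystroke rules root kea found in the manual page concrete (asterisks by default, TAB or BACKSPACE as the very first key turning echo off completely), here is a small re-implementation of that prompt behaviour. It is an added illustration, not systemd's code and not a claim about its internals; the keystroke sequences in the test are constructed, and `read_passphrase` assumes a POSIX TTY.

```python
import sys

ENTER_KEYS = ("\r", "\n")
BACKSPACE_KEYS = ("\x7f", "\x08")   # DEL (what most terminals send) and BS


class MaskedPrompt:
    """State machine for one passphrase entry.

    Rules modelled on what the thread reports from systemd-ask-password(1):
    * each accepted character is echoed as a single '*';
    * BACKSPACE removes the last character and wipes one '*' on screen;
    * TAB or BACKSPACE as the very first key engages silent mode, after
      which nothing is echoed at all, so not even the length is visible;
    * ENTER (or EOF) ends the entry.
    """

    def __init__(self):
        self._chars = []
        self._first_key = True
        self.silent = False
        self.done = False

    def feed(self, key: str) -> str:
        """Process one keystroke; return the text that should be written to the terminal."""
        if self.done:
            return ""
        if key == "" or key in ENTER_KEYS:
            self.done = True
            return "\r\n"
        was_first, self._first_key = self._first_key, False
        if was_first and (key == "\t" or key in BACKSPACE_KEYS):
            self.silent = True          # the key itself is not part of the passphrase
            return ""
        if key in BACKSPACE_KEYS:
            if not self._chars:
                return ""
            self._chars.pop()
            return "" if self.silent else "\b \b"   # erase one '*' on screen
        if not key.isprintable():       # control keys (a later TAB, arrows, ...) are dropped
            return ""
        self._chars.append(key)
        return "" if self.silent else "*"

    @property
    def value(self) -> str:
        return "".join(self._chars)


def process_keys(keys):
    """Run a constructed keystroke sequence through the prompt without a terminal.

    Returns (passphrase, text echoed to the screen, whether silent mode was engaged).
    """
    prompt = MaskedPrompt()
    echoed = []
    for key in keys:
        out = prompt.feed(key)
        if prompt.done:
            break
        echoed.append(out)
    return prompt.value, "".join(echoed), prompt.silent


def read_passphrase(prompt_text: str = "Passphrase: ") -> str:
    """Interactive use on a POSIX TTY (assumed): raw mode, one key at a time."""
    import termios
    import tty

    prompt = MaskedPrompt()
    fd = sys.stdin.fileno()
    saved = termios.tcgetattr(fd)
    sys.stdout.write(prompt_text)
    sys.stdout.flush()
    try:
        tty.setraw(fd)
        while not prompt.done:
            key = sys.stdin.read(1)
            if key == "\x03":           # raw mode does not deliver SIGINT, so handle Ctrl-C by hand
                raise KeyboardInterrupt
            sys.stdout.write(prompt.feed(key))
            sys.stdout.flush()
    finally:
        termios.tcsetattr(fd, termios.TCSADRAIN, saved)
    return prompt.value


if __name__ == "__main__":
    print("read %d characters" % len(read_passphrase()))
```

The point of separating `MaskedPrompt` from the TTY wrapper is that the silent-mode switch can be checked offline: feed `"\t"` first and the echoed string stays empty for every later key, which is exactly the property a prompt must have if it is not to reveal the passphrase length to anyone watching the console.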



Re: LUKS password gets printed as stars

2017-12-18 Thread tomas

On Mon, Dec 18, 2017 at 10:17:07AM -0500, Cindy-Sue Causey wrote:

[...]

> Is it possible to pre-populate that field somehow in a way that
> doesn't change when any given user's moniker (username, account name,
> alias) is chosen? I'm imagining it to be in a similar way to how
> webmasters can define temporary, explanatory text in online form text
> fields.

I don't quite get that: you mean the password entry in a terminal?
What would be its use?

Cheers
-- t



Re: LUKS password gets printed as stars

2017-12-18 Thread Cindy-Sue Causey
On 12/18/17, Cindy-Sue Causey  wrote:
> On 12/18/17, to...@tuxteam.de  wrote:
>> On Mon, Dec 18, 2017 at 02:53:27PM +0100, Jeroen Mathon wrote:
>>
>> Don't forget to cc root kea, (s)he isn't on list. And oh, don't
>> top post... pretty please :-)
>>
>>> I have never seen any stars in my LUKS screen.
>>>
>>> As long as it decrypts the drive I see no real issue here.
>>
>> Perhaps root kea doesn't want others to see the passphrase's
>> length? Perhaps it's just custom? Being able to configure
>> that seems a legitimate wish, to me at least.
>
>
> It crossed my mind, too, that root kea wanted to mask the ability to
> see password length. I've relied a little on that password length hint
> a time or two out on the Net when using my own passwords.
>
> These days I've noticed a few places will mask the length by showing
> the wrong number of asterisks. I've seen it go either way where there
> are more asterisks or less asterisks than the actual length of website
> access passwords. If I encounter that feature again soon, I'll come
> back and update with where it was seen.


Ok, I *literally* smacked myself in the head this time. The split
second my first email here successfully posted, a thought occurred...

Is it possible to pre-populate that field somehow in a way that
doesn't change when any given user's moniker (username, account name,
alias) is chosen? I'm imagining it to be in a similar way to how
webmasters can define temporary, explanatory text in online form text
fields.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA



Re: LUKS password gets printed as stars

2017-12-18 Thread Cindy-Sue Causey
On 12/18/17, to...@tuxteam.de  wrote:
> On Mon, Dec 18, 2017 at 02:53:27PM +0100, Jeroen Mathon wrote:
>
> Don't forget to cc root kea, (s)he isn't on list. And oh, don't
> top post... pretty please :-)
>
>> I have never seen any stars in my LUKS screen.
>>
>> As long as it decrypts the drive I see no real issue here.
>
> Perhaps root kea doesn't want others to see the passphrase's
> length? Perhaps it's just custom? Being able to configure
> that seems a legitimate wish, to me at least.


It crossed my mind, too, that root kea wanted to mask the ability to
see password length. I've relied a little on that password length hint
a time or two out on the Net when using my own passwords.

These days I've noticed a few places will mask the length by showing
the wrong number of asterisks. I've seen it go either way where there
are more asterisks or less asterisks than the actual length of website
access passwords. If I encounter that feature again soon, I'll come
back and update with where it was seen.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *
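To put a number on the length hint Cindy is describing (and on Roberto's question further down about what the precise vulnerability is), here is an added worked example that is not part of the thread. It compares the brute-force search space an attacker faces with and without knowing the exact passphrase length, assuming a uniformly random passphrase over a 95-symbol printable-ASCII alphabet (the alphabet size and the length of 15 are assumptions for the worked numbers, and the functions take both as parameters).

```python
import math
from fractions import Fraction

PRINTABLE_ASCII = 95   # assumption for the worked numbers: printable ASCII alphabet


def keyspace_exact(alphabet_size: int, length: int) -> int:
    """Guesses needed to exhaust every passphrase of exactly `length` symbols."""
    return alphabet_size ** length


def keyspace_up_to(alphabet_size: int, max_length: int) -> int:
    """Guesses needed to exhaust every passphrase of length 1..max_length,
    i.e. what an attacker who only knows an upper bound has to search."""
    return sum(alphabet_size ** k for k in range(1, max_length + 1))


def work_saved_by_length_leak(alphabet_size: int, length: int) -> Fraction:
    """Share of the 'length unknown' search the attacker can skip once a row
    of asterisks tells them the exact length (0 means nothing was gained)."""
    total = keyspace_up_to(alphabet_size, length)
    return Fraction(total - keyspace_exact(alphabet_size, length), total)


def bits_leaked(alphabet_size: int, length: int) -> float:
    """The same leak expressed as an entropy reduction in bits:
    log2(unknown-length space / exact-length space)."""
    return math.log2(keyspace_up_to(alphabet_size, length)
                     / keyspace_exact(alphabet_size, length))


def summary(alphabet_size: int = PRINTABLE_ASCII, length: int = 15) -> dict:
    """All four figures for one alphabet/length pair, for display."""
    return {
        "exact_length_guesses": keyspace_exact(alphabet_size, length),
        "unknown_length_guesses": keyspace_up_to(alphabet_size, length),
        "work_saved": float(work_saved_by_length_leak(alphabet_size, length)),
        "bits_leaked": bits_leaked(alphabet_size, length),
    }


if __name__ == "__main__":
    for key, val in summary().items():
        print(f"{key:>24}: {val}")
```

Because the length-n space dominates the sum of all shorter ones, the leak removes roughly 1/N of the work for any realistic length: about 1.05% of the guesses, or about 0.015 bits, for N = 95. That is the whole effect under a uniformly-random-passphrase model. The caveat is that the model is the optimistic one: a short row of asterisks tells a bystander that a passphrase is short enough to be worth attacking, which is a different and more practical concern than the arithmetic above.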



Re: LUKS password gets printed as stars

2017-12-18 Thread tomas

On Mon, Dec 18, 2017 at 02:53:27PM +0100, Jeroen Mathon wrote:

Don't forget to cc root kea, (s)he isn't on list. And oh, don't
top post... pretty please :-)

> I have never seen any stars in my LUKS screen.
> 
> As long as it decrypts the drive I see no real issue here.

Perhaps root kea doesn't want others to see the passphrase's
length? Perhaps it's just custom? Being able to configure
that seems a legitimate wish, to me at least.

Cheers
-- t



Re: LUKS password gets printed as stars

2017-12-18 Thread tomas

On Mon, Dec 18, 2017 at 06:41:00PM +0530, root kea wrote:
> Hello!
> 
> I am using LUKS on LVM on Debian Stretch. I have encrypted /home and
> swap partition. When the initramfs gets loaded it asks for the password to
> decrypt the swap partition. That password doesn't get printed to the screen.
> No stars. Nothing.
> 
> But after that the kernel gets loaded (I think) and it asks for the password for
> /home, which gets printed as stars. I'm really worried about this. Here
> is a screenshot https://imgur.com/bC4AF6H

This looks like two different programs at work for asking your password.
At early time (your swap case), it's probably the "naked" cryptsetup,
which doesn't show any stars (for me, that's always, since I always
use "naked" cryptsetup). Later on (for your /home partition), init
has taken over and is probably calling cryptsetup on your behalf,
possibly using something else to collect the passphrase from you.

My crystal ball says you're using systemd. It seems that it has a
special "unit" to mount encrypted file systems [1], which may call
into one of several password agents [2]. If this hunch is correct,
you may start with [2], find out which agent you are talking to
and perhaps reconfigure it in the way you like.

I don't have systemd over here, so that's all the advice I can muster up.
Perhaps someone more knowledgeable can chime in.

> PS - while replying please CC me as I'm not subscribed to debian-users.

Done.

Cheers

[1] https://www.linux.org/docs/man8/systemd-cryptsetup.html
[2] https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
-- tomás



Re: LUKS password gets printed as stars

2017-12-18 Thread Jeroen Mathon
I have never seen any stars in my LUKS screen.

As long as it decrypts the drive I see no real issue here.


On 12/18/2017 02:41 PM, Roberto C. Sánchez wrote:
> On Mon, Dec 18, 2017 at 06:41:00PM +0530, root kea wrote:
>> Hello!
>>
>> I am using LUKS on LVM on Debian Stretch. I have encrypted /home and
>> swap partition. When the initramfs gets loaded it asks for the password to
>> decrypt the swap partition. That password doesn't get printed to the screen.
>> No stars. Nothing.
>>
>> But after that the kernel gets loaded (I think) and it asks for the password for
>> /home, which gets printed as stars. I'm really worried about this. Here
>> is a screenshot https://imgur.com/bC4AF6H
>>
>> How do I prevent those stars from getting printed on the screen?
>>
> Whether stars are echoed or nothing is echoed, the passphrase remains
> concealed.  What is the precise vulnerability that you are trying to
> address?
>
> Regards,
>
> -Roberto
>






Re: LUKS password gets printed as stars

2017-12-18 Thread Roberto C . Sánchez
On Mon, Dec 18, 2017 at 06:41:00PM +0530, root kea wrote:
> Hello!
> 
> I am using LUKS on LVM on Debian Stretch. I have encrypted /home and
> swap partition. When the initramfs gets loaded it asks for the password to
> decrypt the swap partition. That password doesn't get printed to the screen.
> No stars. Nothing.
> 
> But after that the kernel gets loaded (I think) and it asks for the password for
> /home, which gets printed as stars. I'm really worried about this. Here
> is a screenshot https://imgur.com/bC4AF6H
> 
> How do I prevent those stars from getting printed on the screen?
> 

Whether stars are echoed or nothing is echoed, the passphrase remains
concealed.  What is the precise vulnerability that you are trying to
address?

Regards,

-Roberto

-- 
Roberto C. Sánchez



LUKS password gets printed as stars

2017-12-18 Thread root kea
Hello!

I am using LUKS on LVM on Debian Stretch. I have encrypted /home and
swap partition. When the initramfs gets loaded it asks for the password to
decrypt the swap partition. That password doesn't get printed to the screen.
No stars. Nothing.

But after that the kernel gets loaded (I think) and it asks for the password for
/home, which gets printed as stars. I'm really worried about this. Here
is a screenshot https://imgur.com/bC4AF6H

How do I prevent those stars from getting printed on the screen?

PS - while replying please CC me as I'm not subscribed to debian-users.

Thank you.

Regards,
Avinash Sonawane (rootKea)
PICT, Pune
https://rootkea.wordpress.com