** Description changed:
When doing a backup for the first time, deja-dup verifies your passphrase
by having you enter it twice.
On future incremental backups it doesn't need to do this because
entering the wrong password will result in the backup failing.
With the periodic 'full' backups that happen from time to time, however,
any password will be accepted.
This can lead to a situation where you accidentally type the wrong
password once and are left in a situation where you don't know what you
typed and have no way to get your files (or do another incremental
backup on top of it).
I think this is what happened to me recently.
Clearly, the fix is to explicitly verify the passphrase is correct when
doing a new full backup. This may be a duplicity bug.
+
+ === Ubuntu deja-dup SRU information ===
+
+ [impact]
+ Users may unwittingly re-set their backup password and not be able to restore
their data.
+
+ [test case]
+ - $ deja-dup-preferences # set up a dummy backup
+ - $ deja-dup --backup # complete first encrypted full backup
+ - $ rename 's/\.2016/\.2000/' /path/to/test/backup/*
+ - $ rename 's/\.2016/\.2000/' ~/.cache/deja-dup/*/*
+ - $ deja-dup --backup # second backup, enter the wrong password
+ - $ deja-dup --restore # try to restore with original password
+
+ [regression potential]
+ Should be limited? The fix is to delete the duplicity cache files, which
ought to be safe to delete.
** Also affects: deja-dup (Ubuntu Xenial)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/918489
Title:
duplicity allows bad passphrase on full backup if archive cache exists