From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 06:17:39 2019 Received: (at 35716-done) by debbugs.gnu.org; 14 May 2019 10:17:39 +0000 Received: from localhost ([127.0.0.1]:47467 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hQUV9-0007se-8r for submit@debbugs.gnu.org; Tue, 14 May 2019 06:17:39 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hQUV6-0007sN-Sr for 35716-done@debbugs.gnu.org; Tue, 14 May 2019 06:17:37 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:32975) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hQUV0-000534-ON; Tue, 14 May 2019 06:17:30 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=47526 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hQUV0-0005sM-AD; Tue, 14 May 2019 06:17:30 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: sirmacik Subject: Re: bug#35716: Password security bugs in LUKS configuration during guided install References: <20190513150922.GA30339@mail.freearts.agency> Date: Tue, 14 May 2019 12:17:28 +0200 In-Reply-To: <20190513150922.GA30339@mail.freearts.agency> (sirmacik@wioo.waw.pl's message of "Mon, 13 May 2019 17:09:22 +0200") Message-ID: <87v9yd1gsn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 35716-done Cc: 35716-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi sirmacik, sirmacik skribis: > I've asked on IRC if those bugs were known but apparently no, so here > they are: > > - during guided installation with LUKS encryption one is not able to > enter password longer then length of field; Good catch! Commit ef250707d3303d58ae00fe8f461701e7fa788d8a fixes it for the passphrase, the root password, and user passwords. > - in the same field password is shown during typing (lets one see bug > above, characters typed after reaching length of field are simply > not recorded); This has been addressed recently: . Thanks for your report! Ludo=E2=80=99.