Password security bugs in LUKS configuration during guided install

DoneSubmitted by sirmacik.
Details
2 participants
  • Ludovic Courtès
  • sirmacik
Owner
unassigned
Severity
important
S
S
sirmacik wrote on 13 May 2019 17:09
Download
(address . bug-guix@gnu.org)
20190513150922.GA30339@mail.freearts.agency
Download
Hey Guix
I've asked on IRC if those bugs were known but apparently no, so herethey are:
- during guided installation with LUKS encryption one is not able to enter password longer then length of field;- in the same field password is shown during typing (lets one see bug above, characters typed after reaching length of field are simply not recorded);
Field with conformation hides typed letters. Due to bug #1 I wasn'table to check if it works properly.
--sirmacikPGP: 0xE0DC81D523891771
L
L
Ludovic Courtès wrote on 14 May 2019 00:27
Download
control message for bug #35716
(address . control@debbugs.gnu.org)
874l5youqa.fsf@gnu.org
Download
severity 35716 important
L
L
Ludovic Courtès wrote on 14 May 2019 11:50
Download
(address . control@debbugs.gnu.org)
875zqd2wli.fsf@gnu.org
Download
tags 35716 security
L
L
Ludovic Courtès wrote on 14 May 2019 12:17
Download
Re: bug#35716: Password security bugs in LUKS configuration during guided install
(name . sirmacik)(address . sirmacik@wioo.waw.pl)(address . 35716-done@debbugs.gnu.org)
87v9yd1gsn.fsf@gnu.org
Download
Hi sirmacik,
sirmacik <sirmacik@wioo.waw.pl> skribis:
Toggle quote (6 lines)> I've asked on IRC if those bugs were known but apparently no, so here> they are:>> - during guided installation with LUKS encryption one is not able to> enter password longer then length of field;
Good catch!
Commit ef250707d3303d58ae00fe8f461701e7fa788d8a fixes it for thepassphrase, the root password, and user passwords.
Toggle quote (4 lines)> - in the same field password is shown during typing (lets one see bug> above, characters typed after reaching length of field are simply> not recorded);
This has been addressed recently:https://issues.guix.info/issue/35540.
Thanks for your report!
Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 35716@debbugs.gnu.org