GNU bug report logs

#35716 Password security bugs in LUKS configuration during guided install

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

Received: (at submit) by debbugs.gnu.org; 13 May 2019 15:11:58 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon May 13 11:11:58 2019
Received: from localhost ([127.0.0.1]:45946 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hQCcQ-0006qp-E3
	for submit@debbugs.gnu.org; Mon, 13 May 2019 11:11:58 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33823)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sirmacik@wioo.waw.pl>) id 1hQCaE-0006mg-Vx
 for submit@debbugs.gnu.org; Mon, 13 May 2019 11:09:44 -0400
Received: from lists.gnu.org ([209.51.188.17]:40048)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <sirmacik@wioo.waw.pl>)
 id 1hQCa9-000649-TQ
 for submit@debbugs.gnu.org; Mon, 13 May 2019 11:09:37 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48203)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <sirmacik@wioo.waw.pl>) id 1hQCa8-0007zf-OY
 for bug-guix@gnu.org; Mon, 13 May 2019 11:09:37 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <sirmacik@wioo.waw.pl>) id 1hQCa7-00062N-Sp
 for bug-guix@gnu.org; Mon, 13 May 2019 11:09:36 -0400
Received: from mail.freearts.agency ([51.68.137.137]:57486)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <sirmacik@wioo.waw.pl>)
 id 1hQCa7-0005v4-CY
 for bug-guix@gnu.org; Mon, 13 May 2019 11:09:35 -0400
Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:
 sirmacik@wioo.waw.pl)
 by mail.freearts.agency (Postcow) with ESMTPSA id B0A3840369
 for <bug-guix@gnu.org>; Mon, 13 May 2019 17:09:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wioo.waw.pl; s=dkim;
 t=1557760164; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:mime-version:mime-version:
 content-type:content-type:content-transfer-encoding:in-reply-to:
 references; bh=NrouV7C7YauNrC8HBFUVMq1aKT+x++0bm8qTLNdOwk4=;
 b=j8DCrlfoOyUUfuKXHrW9zEPNjtOlO0o25H2KNpuOyk31CSgHuHmc21LGwfFPBIb6Gjj+QD
 dyN27ulhBAY5LOuhspIRHqiTNnr/VTwrsqdZf8CPBozvNEOS0awk0CCPezZvFT25A3HM8v
 apaev5rvDasHncOTO/9TG24pVkh8QBSsuCwQRKFaSYFFrsjVzL123S8jI1mcULeDyPGOqT
 HP6CjqsnX+hX5xEzYuesMhG6VfvuO9gklN4oXXbqtGkJBNQKGqkMIQfr5cAwa1Qo7uwGkO
 rNUGicI44fDTJVeUtegB25Yrr2jlAHUv1OHRgZNvoPTUOUlPOxE5rro+CzlkaA==
Date: Mon, 13 May 2019 17:09:22 +0200
From: sirmacik <sirmacik@wioo.waw.pl>
To: bug-guix@gnu.org
Subject: Password security bugs in LUKS configuration during guided install 
Message-ID: <20190513150922.GA30339@mail.freearts.agency>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Microsoft Office/14.0 (Windows NT 6.0; Microsoft Outlook
 14.0.4760; Pro)
X-PGP-Key: https://sirmacik.net/dl/wioo.asc
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=wioo.waw.pl;
 s=dkim; t=1557760164; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:mime-version:mime-version:
 content-type:content-type:content-transfer-encoding:in-reply-to:
 references; bh=NrouV7C7YauNrC8HBFUVMq1aKT+x++0bm8qTLNdOwk4=;
 b=TcwtMpUmUe8zt8I33Vvk78HAmp4uaaVDCq3j22u8BqpNweymT8223oHY3PFQSarOTR+3Nt
 m+tTOgqFtsTuemDdXhavQO2bRjtmhItBhae90oesYiBa/AhfqLauHFrv68+XfOZKPGbMXF
 db+bYOjX/07r+49VlDBuja7fqIWlQS+ELCie1D1FS3CLXWXUZPFMzDDNsBcHwQtAg17esR
 7pqqT2BUkC+4UeHEXZ74WLTa/rq0oJAkeXAzGK4SYqHszo0VsIUHjOOmit9GeO8mhP40N+
 T4oYB0O68O2y9n+47t/RoisfThRGuuGhST2JP2+56sL6NNCJU5fMWQQENt8V1w==
ARC-Seal: i=1; s=dkim; d=wioo.waw.pl; t=1557760164; a=rsa-sha256; cv=none;
 b=Z7nzYN6NNkHBS3rl99P9QCvfpalRIfBJwNl4o8Kd2Fp1NwgiWHWBLhMaNrBr+ttMQcNuk5
 nGFf5ZY7Q/9r4ZbKIHK2odpX5jcH4kTjo5hmevwPsrwfNqYnxzuVMkL5hwfNDEWBAkny0S
 y372vCld3ksLlI8Jp5r3vnLW3aU2u7wqSPgUBNoAQGUSYOAsVaLUt4LVNIsw4uk/ITq7Gw
 zGkcJpuCmICY0SZS+XOttYpnQC8IkJIar2+03V8CIeSpaLRPf/5K1aN0JqpYDGJumnWGHC
 mdgkykZ91ewDiKU+piVqZlVVnTbCLRL4fKvay0NoYYCM01nlzziH66FzBc4zlA==
ARC-Authentication-Results: i=1; mail.freearts.agency;
 auth=pass smtp.auth=sirmacik@wioo.waw.pl smtp.mailfrom=sirmacik@wioo.waw.pl
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 51.68.137.137
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Mon, 13 May 2019 11:11:55 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Hey Guix

I've asked on IRC if those bugs were known but apparently no, so here
they are:

- during guided installation with LUKS encryption one is not able to
  enter password longer then length of field;
- in the same field password is shown during typing (lets one see bug
  above, characters typed after reaching length of field are simply
  not recorded);

Field with conformation hides typed letters. Due to bug #1 I wasn't
able to check if it works properly.

--
sirmacik
PGP: 0xE0DC81D523891771

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Fri Jan 3 03:40:24 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.