Re: [Duplicity-talk] Password input double check?
From: Ben Escoto
Subject: Re: [Duplicity-talk] Password input double check?
Date: Wed, 13 Aug 2003 23:22:57 -0700
>>>>> "DR" == David Rigel <address@hidden>
>>>>> wrote the following on Wed, 13 Aug 2003 23:44:07 +0200
DR> Hi I've searched the mail archives about this topic with no
DR> luck. However, I guess that this must have been commented
DR> before. Sorry if this is a dupe.
Nope, it's new to me, although maybe a no-brainer in retrospect.
DR> When making a backup, the function get_passphrase() reads the
DR> user password used to encrypt the file. If the environment
DR> variable PASSPHRASE is not set, then it tries to get it from
DR> user using getpass.
DR> The problem is: it does not double check it! What if the user
DR> misspells the passphrase? Then the backup is useless
DR> (unrecoverable). That's why GPG asks twice for the
DR> passphrase. It aborts when the strings do not match. And note
DR> that this is quite a common issue when using long passphrases.
I guess I was never bothered by this because I would never type my
passphrase in. But fixed now in CVS I think. You can get the patch
at:
http://savannah.nongnu.org/cgi-bin/viewcvs/duplicity/duplicity/duplicity-bin.diff?r1=1.16&r2=1.17
(Apply it to your "duplicity" script if you have the packaged version
and not CVS.)
--
Ben Escoto
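
The double check discussed in this thread, as an added example that is not duplicity's code and not the patch linked above. Only `get_passphrase`, `PASSPHRASE` and `getpass` come from the thread; the `confirm` flag, the injectable `prompt`, the prompt strings and the exception name are assumptions of this sketch.

```python
import getpass
import os


class PassphraseMismatch(Exception):
    """Raised when the two typed passphrases differ (hypothetical name)."""


def get_passphrase(confirm=True, environ=None, prompt=getpass.getpass):
    """Return the passphrase used to encrypt the backup.

    PASSPHRASE in the environment wins and is not confirmed, since nothing
    was typed interactively. Otherwise the user is prompted; with
    confirm=True the passphrase must be typed twice and both must match.
    """
    environ = os.environ if environ is None else environ
    if "PASSPHRASE" in environ:
        return environ["PASSPHRASE"]

    first = prompt("GnuPG passphrase: ")
    if not confirm:
        # Assumption: on restore a typo only makes decryption fail,
        # it cannot produce an unrecoverable archive, so ask once.
        return first

    second = prompt("Retype passphrase to confirm: ")
    if first != second:
        # Abort rather than encrypt with a string nobody can retype.
        raise PassphraseMismatch("passphrases do not match, aborting")
    return first


def scripted(answers):
    """Prompt stand-in fed from a constructed list, for non-interactive runs."""
    it = iter(answers)
    return lambda _text: next(it)


if __name__ == "__main__":
    try:
        get_passphrase()
        print("passphrase accepted")
    except PassphraseMismatch as exc:
        raise SystemExit(str(exc))
```
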