the password entered during boot for an encrypted partition (e.g. /home) is shown in plain text after having entered it (behind usplash)

Bug #288408 reported by kernelOfTruth
Affects: Ubuntu
Status: Incomplete
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

when adding an encrypted partition (e.g. / especially /home to keep old encrypted data)

by using the following procedure:
http://ubuntuguide.org/wiki/Ubuntu:Hardy#Encrypt_home_partition_with_cryptsetup_.26_LUKS

when booting up ubuntu and entering the password at the prompt:

"Enter passphrase to unlock the disk /dev/sd* (home):"

the password is shown in plain text when it switches from usplash to console-view (showing the boot-up messages) which is a clear security hole

please fix this !

it also would be nice to add options to the alternate and liveCD installation media to add an existing (encrypted) /home partition to prevent this whole additional fuss

many thanks in advance :)

kernelOfTruth (dalinuxlova) wrote :

sorry, I forgot to say:

the ubuntu-version is 8.10 development (I downloaded the alternative installation-disc amd64 today and updated everything with apt-get dist-upgrade)

Dan Trevino (dantrevino) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

kernelOfTruth (dalinuxlova) wrote :

Hi Dan,

thanks for your input

indeed! It unfortunately still is a problem

in the meantime I had switched back to gentoo (for this and more software/version reasons) but now I hopefully will be able to stay with ubuntu

I'm not using 8.10 (Intrepid) anymore but Jaunty (9.04 alpha4 alternate install CD) (it's a new installation which I just finished installing)

here some info concerning the configuration files:

/etc/fstab:
/dev/mapper/home /home reiserfs noatime,nodiratime,commit=600 1 2

/etc/crypttab:
home /dev/sda8 none luks

the problem is still:
when booting up it's prompting for the password, and when having entered it successfully it checks the filesystem; after that it switches from usplash / splash to text-output and displays the last lines of output - including the just entered password

it isn't supposed to do that and besides that cryptsetup also should NOT show the password when / after being entered
I have nowhere else (in no other distribution) seen this kind of strange behavior

I can't confirm for 8.10 but for 9.04 (from today's state)

please fix this as soon as possible since this - in some kind - is a very critical security problem (for me):

you can have the securest password in the world but if everyone can read it and has enough time to write it down - it's worthless

Many thanks in advance

keep up your great work improving ubuntu :)
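The comment above quotes the /etc/crypttab and /etc/fstab lines that tie the LUKS mapping to its mount point. The following is an added example, not code from the bug report or from Ubuntu: a small POSIX shell checker that cross-checks the two files, lists which crypttab targets use "none" as key file (these are the ones that will ask for a passphrase at boot, which is where the usplash hand-off in this report matters), and flags mapper names that have no matching fstab entry. The file contents are constructed samples embedded inline; they mirror the two lines quoted in the comment plus one extra fstab line.

```shell
#!/bin/sh
# Added example (not part of the bug report): cross-check /etc/crypttab
# against /etc/fstab before rebooting, so a typo in the mapper name does not
# leave the box stuck at the boot prompt. The contents below are constructed
# samples; on a real system pass "$(cat /etc/crypttab)" and "$(cat /etc/fstab)".

SAMPLE_CRYPTTAB='# <target> <source device> <key file> <options>
home /dev/sda8 none luks
'

SAMPLE_FSTAB='# <device> <mount point> <type> <options> <dump> <pass>
/dev/mapper/home /home reiserfs noatime,nodiratime,commit=600 1 2
proc /proc proc defaults 0 0
'

# crypttab_targets: print the mapper name (field 1) of every non-comment crypttab line
crypttab_targets() {
    printf '%s' "$1" | awk '!/^[[:space:]]*#/ && NF >= 4 { print $1 }'
}

# crypttab_keyfile: print the key-file field for one target; "none" means an
# interactive passphrase prompt during boot (the situation in this report)
crypttab_keyfile() {
    printf '%s' "$2" | awk -v t="$1" '!/^[[:space:]]*#/ && $1 == t { print $3 }'
}

# prompted_targets: only those targets that will prompt for a passphrase at boot
prompted_targets() {
    printf '%s' "$1" | awk '!/^[[:space:]]*#/ && NF >= 4 && $3 == "none" { print $1 }'
}

# fstab_mount_for: print the mount point of /dev/mapper/<target>, empty if absent
fstab_mount_for() {
    printf '%s' "$2" | awk -v d="/dev/mapper/$1" '!/^[[:space:]]*#/ && $1 == d { print $2 }'
}

# check_mapping: return 0 when every crypttab target has a matching fstab entry,
# otherwise print the missing ones to stderr and return 1
check_mapping() {
    crypttab="$1"; fstab="$2"; rc=0
    for t in $(crypttab_targets "$crypttab"); do
        m=$(fstab_mount_for "$t" "$fstab")
        if [ -z "$m" ]; then
            echo "MISSING: '$t' is mapped in crypttab but /dev/mapper/$t is not in fstab" >&2
            rc=1
        else
            echo "ok: $t (key file: $(crypttab_keyfile "$t" "$crypttab")) -> $m"
        fi
    done
    return $rc
}

# Run the check on the constructed sample; exit status 0 means consistent.
check_mapping "$SAMPLE_CRYPTTAB" "$SAMPLE_FSTAB" && echo "crypttab/fstab consistent"
```

The checker deliberately only reads the two configuration files; it never touches the passphrase itself, so it is safe to run from a normal shell after editing the files and before the reboot that the comment describes.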

kernelOfTruth (dalinuxlova) wrote :

I don't know what you guys DID change but it's switching now to text-output when it's asking for the password (like before)

but the main difference now is that it stays at the text-output and doesn't show the password in plain-text anymore

there probably will be users complaining why it doesn't switch back to the splash screen - just let them scream and shout

they have NO idea ;)

I prefer security over aesthetics

Thanks !

kernelOfTruth (dalinuxlova) wrote :

an update:

I just wanted to let you know that this problem persists on my other box!

I've just installed ubuntu jaunty alpha 6 (x86_64) from alternate install CD and after entering data to /etc/crypttab and modifying /etc/fstab lines

the first reboot:
usplash / splash wouldn't prompt for any input and seemingly the system was prompting for a password but it was not viewable (probably behind the splash); trying to switch via ALT + F* only led to a black screen

the only "solution" (for me) to that was to kill some processes via Magic SysRQ Key + E, after that it continued (disc activity) and went to gdm prompt, I immediately rebooted

on the second boot:
it prompted for the password on the splash, I entered it, it switched to console output and the password was readable AGAIN !

please guys - try to reproduce this and FIX it

this is really a security problem when people are able to read your password after being entered

I can't afford buying a new laptop or a new system with integrated fingerprint reader ;)

thanks

kernelOfTruth (dalinuxlova) wrote :

this bad behavior (= broken and showing the password after it has been entered) seems to have been introduced approximately between Thursday and Friday (right now),

because I just updated my laptop and it also just sits there (no harddisk activity) at the boot splash and doesn't prompt for the password - so it shows the same behavior as my other box

with ONE IMPORTANT DIFFERENCE:

it doesn't prompt for the password on the following boots !

who broke this (again) ? :(

please fix ASAP

thanks

kernelOfTruth (dalinuxlova) wrote :

ok, I just rebooted both and I have to make it clear:

there are 2 different ways it can manifest itself:

1) the splash works fine (progress bar is continually going from left to right) then it prompts for password, after being entered it switches to console (text; black background and white text) output and shows the password on / after the cryptsetup line -> nice progress but security risk

2) the splash doesn't work (the progress bar goes from left to right pretty fast and stays there on the right, no progress is being visualized) [this also happened before this problem with the password, so it's also a specific bug / problem with the splash/usplash]
after some time disc activity stalls and doesn't go on; I found out that at that point it prompts for the password but doesn't show it, so after having entered the password and having pressed the [Enter] button it goes straight to the gdm screen (not switching to console/text output) with /home | the encrypted partition mounted
-> bad aesthetics but secure; hard to tell what to do for non-experienced users

This report contains Public Security information  