passphrase prompt at boot-time lacks feedback

Bug #151305 reported by Ian Jackson on 2007-10-10
4
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Medium
Martin Pitt

Bug Description

Binary package hint: cryptsetup

With a test install of gutsy 20071009.1 i386 d-i. I selected use whole disk with LVM and encryption.

When I boot the system, it prompts me for the passphrase as expected.

When I enter the passphrase, however, there is nothing to tell me "yes, you got it right". The message prompting for the passphrase, and the asterisks, remain. The progress bar will start moving after a bit but I don't consider this adequate feedback.

Henrik Nilsen Omma (henrik) wrote :

I guess there is some HD activity, but I agree there should be some feedback.

Changed in cryptsetup:
importance: Undecided → Medium
status: New → Confirmed
Martin Pitt (pitti) on 2007-10-11
Changed in cryptsetup:
assignee: nobody → pitti
milestone: none → ubuntu-7.10
status: Confirmed → In Progress
Martin Pitt (pitti) wrote :

Fix uploaded, waiting for Steve's approval now. I do not want to accept my own uploads.

Changed in cryptsetup:
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low

  * debian/initramfs/cryptroot-script:
    - If the supplied password worked, remove the prompt from usplash again,
      so that the user has some visual feedback that everything is alright.
      (LP: #151305)
    - Do not show the UUID device node of the outer physical device. It is
      scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
      improve security at all: If attackers can tamper with your initramfs,
      they can also change the prompt, and if the UUID of the physical device
      changes, then booting will not even get that far. Now it is a much more
      friendly "Enter passphrase for sda5_crypt:" which is still technical,
      but it's necessary to point out which device will be unlocked in case
      there are several.

 -- Martin Pitt <email address hidden> Thu, 11 Oct 2007 19:51:58 +0200

Changed in cryptsetup:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers