Comment 0 for bug 263634

Binary package hint: usplash

Since cryptsetup 2:1.0.6-6ubuntu1 (intrepid), cryptsetup now uses usplash to ask the passphrase. If you switch to console 1, and then switch back to console 8, you'll see that your password was echoed in the console, in plain text.

Pre-requisites :
Having a configured cryptsetup with a luks partition and applying the patch provided in bug 139363 to re-enable cryptsetup password through usplash.

Steps to reproduce :
1. Reboot your computer
2. When asked by usplash, type your password, but don't press "enter" to validate your password.
3. Switch to tty 1 with CTRL + ALT + F1
4. Switch back to the usplash tty with CTRL + ALT + F8

Result :
The password is written in plain text in the console tty8.

Strangely, this bug can't be reproduced with LVM cryptsetup installation that comes with hardy alternate install CD. "cryptroot" which is started by initramfs is almost identical to the patch in bug 139363 but the final result differ for two things :

1. The password never appears in the console.
2. asterisks appears as you type the password, instead of appearing only once you pressed "enter"

The fact that one is started inside initramfs and that the other one is started during the init.d boot sequence seems to have an impact on this bug.