Ubuntu

Cryptsetup passphrase prompt during boot: every character typed repeats the prompt

Reported by starslights on 2010-04-19
This bug affects 37 people
Affects | Status | Importance | Assigned to | Milestone
plymouth (Ubuntu) | | Medium | Surbhi Palande |
Lucid | | Medium | Unassigned |
Maverick | | Medium | Unassigned |
Natty | | Medium | Surbhi Palande |
Oneiric | | High | Unassigned |

Bug Description

Ubuntu Server 20100419.1 (RC candidate), installed with LVM encrypted partitions.

You get a text-based password prompt (as expected) but when you type in your passphrase, for each character you type, the prompt is displayed again on the next line:

original prompt:
Unlocking the disk ... (sda5_crypt)
                             Enter passphrase: :

Typing the first character of the passphrase results in the following display:
Unlocking the disk ... (sda5_crypt)
Unlocking the disk ... (sda5_crypt)
                             Enter passphrase: :*

Note that this doesn't prevent the unlocking from being successful.

tags: added: iso-testing
Thierry Carrez (ttx) wrote :

Not a bug in ubiquity, maybe a bug in plymouth, adapting title/description

affects: ubiquity (Ubuntu) → plymouth (Ubuntu)
Changed in plymouth (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
summary: - new ligne create when a key are typed when passphrase are prompt Lucid
- server
+ Ubuntu Server Encrypted LVM password prompt: every character typed
+ repeats the prompt
Thierry Carrez (ttx) on 2010-04-21
description: updated

the same bug is present in regular desktop installs when you boot without the splash and quiet commands

but as already mentioned, it does not hinder the unlock process

ilf (ilf) wrote :

I am also experiencing this on both my machines after upgrade to Lucid 10.04 Release.

This is not only annoying, but I consider this a security bug: Now the amount of characters in the passphrase is echoed (with stars), before it was silent like sudo f.e.

I would really like a fix for this.

plymouth 0.8.2-2ubuntu2
cryptsetup 2:1.1.0~rc2-1ubuntu13

Diethelm Velten (reisswolf) wrote :

The title of this bug is wrong: It does not only affect LVM and not only the server edition. I have this problem on 10.04 desktop edition without LVM.

The description is also incorrect. The process is as follows:

Unlocking the disk ... (sda5_crypt)
Enter passphrase: :*
Unlocking the disk ... (sda5_crypt)
Enter passphrase: :**
Unlocking the disk ... (sda5_crypt)
Enter passphrase: :***
Unlocking the disk ... (sda5_crypt)
Enter passphrase: :****
Unlocking the disk ... (sda5_crypt)

I have the problem with a crypted / partition. Becomes visible when deleting splash quiet in the kernel options line of grub.cfg.

This bug should be associated with the cryptsetup package.

Contrary to Matt (#2), this happens also with "quiet" as boot option.
So it seems to happen throughout Lucid with encrypted disks in /etc/crypttab and without splash screen.
Did I mention this is quite annoying? :)

summary: - Ubuntu Server Encrypted LVM password prompt: every character typed
+ [Lucid] cryptsetup passphrase prompt during boot: every character typed
repeats the prompt
Martin Polden (martin-polden) wrote :

I'm experiencing this bug as well on Ubuntu 10.04 LTS and encrypted LVM on mdadm RAID1.
"Unlocking the disk ..." is echoed for every keystroke during boot.

plymouth 0.8.2-2ubuntu2
cryptsetup 2:1.1.0~rc2-1ubuntu13

Is there a fix for this bug? It doesn't hinder the unlock process, but it's highly annoying if you have a long passphrase.

Volans (volans) wrote :

Any news on this bug?
I'm experiencing it as well and in the meantime the 10.04.1 was released.

As mentioned by ilf the passphrase length is now visible. Is there a way to restore the "silent" mode?

Changed in plymouth (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in plymouth (Ubuntu Maverick):
status: Confirmed → New
importance: Medium → Undecided
Andreas Olsson (andol) wrote :

Based on bug #630191 I am marking this as confirmed in Maverick as well.

Changed in plymouth (Ubuntu Maverick):
status: New → Confirmed
importance: Undecided → Medium
Martin Polden (martin-polden) wrote :

This bug is still present in 10.10 beta, I'm guessing it won't be fixed in time for the final version of 10.10?

I have a similar problem when trying to use Recovery Mode on Ubuntu 10.04, maybe it is related to this one. I did a script to run automatically when the Recovery Mode option is selected on boot. It was working fine for a while on 10.04, but after some updates (unfortunately I can't remember exactly which ones) the prompt got crazy. When asking for passwords it has the behavior described here: for every character you type, it shows the password prompt again. Also when my script asks for input (through read -e) I cannot see what I am typing and I have to press ENTER twice in every entry to continue.

Jeff Lane (bladernr) wrote :

Still present in the final bits for 10.10 (just tested on server w/ encrypted LVM)

ilf (ilf) wrote :

I can confirm that this is still present on a freshly upgraded Maverick release.
The importance should be increased, since as I said in #3, this is not only annoying, but a security implication, displaying how many characters my passphrase consists of.
I hope we don't have to wait for another release to finally fix this.

vroetman (vroetman) wrote :

Is this related to Bug 546251?

bastafidli (ubuntu-bastafidli) wrote :

I have the same problem on Maverick 10.10 from alternate cd. At first I don't see the password prompt at all. I have to modify the boot line and include "nomodeset noplymouth" to get the password prompt and then it repeats as described above.

ilf (ilf) wrote :

Until now I only used upgraded Ubuntu versions and thought it might be some old config.
But no, this is present on a freshly installed Maverick, too!

Cosmin L (lcosmin) wrote :

The attached patch solved the issue on my computer; take precautions if you want to apply it on other machines (it's not very well tested and I don't know if it interferes with the graphical boot process - I'm on a 10.04 server install)

After applying, regenerate the initrd images:

update-initramfs -k all -c

tags: added: patch
papukaija (papukaija) on 2011-03-31
summary: - [Lucid] cryptsetup passphrase prompt during boot: every character typed
- repeats the prompt
+ Cryptsetup passphrase prompt during boot: every character typed repeats
+ the prompt
tags: added: lucid maverick natty
Benjamin Schmid (benbuntu) wrote :

I experience the same issue in maverick and natty too, unless plymouth-text is installed and the kernel has the "quiet" parameter.

The patch from DragonK just disables the plymouth text output generally. So it will only serve as workaround but probably not as a final solution.

Bryce Harrington (bryce) wrote :

[Unmarking patch as solution, as per previous comment (to which I concur)]

Surbhi Palande (csurbhi) on 2011-04-13
Changed in plymouth (Ubuntu Natty):
assignee: nobody → Surbhi Palande (csurbhi)
Dave Walker (davewalker) on 2011-04-13
tags: added: server-nro
Surbhi Palande (csurbhi) wrote :

During boot, Ubuntu uses the "details" plugin to display the entered password prompt and the bullets. The trouble is that in initramfs the cryptroot script makes the password prompt _two_ lined. The "details" plugin clears only the current line and then overwrites the password prompt string on the cleared line. The effect of this is that the _second_ line in the password prompt always gets overwritten. Thus on every key input, the first line overwrites the previously displayed second line (printed due to the previous key press). Thus you see the first line repeated over and over again with every keypress.

The solution to this could be one of the following:
1) make the password prompt single line
2) clear the whole screen instead of clearing a single line before writing the password prompt.
3) append the bullets instead of the line
4) clear in some way the previous line.
IMHO, the disadvantage of 1,3,4 is that in case you boot with plymouth:debug, the password prompt would still be repeated (as you will have debug messages interleaved and what you clear is different than what you intended to). Clearing the screen would on the other hand cause a clearing of screen with every keypress and wipe out any debug messages that you could be interested in.
Shall soon upload a patch with an appropriate solution.

Steve Langasek (vorlon) wrote :

Hi Surbhi,

Thanks, that concurs with my own analysis here.

> 1) make the password prompt single line

impractical without losing information the user may need in order to correctly identify the volume they're being prompted for the password on

> 2) clear the whole screen instead of clearing a single line before writing the password prompt.

but I guess that means any other messages will be lost, some of which might be important - for instance, what if the user types a passphrase, the disk fails to unlock and cryptsetup displays an error message then reprompts. I guess the user will only see the prompt?

> 3) append the bullets instead of the line

This seems pretty much ideal to me. Otherwise, could the details plugin parse the prompt for newlines and only redraw the bit after the last line? Or is that jumping too many abstraction layers?

Steve Langasek (vorlon) wrote :

I see that a cryptsetup package has been uploaded to the freeze queue that implements solution #1. This is a significant regression for any plymouth theme *except* for the details theme, because the "echo" of the first line will never be shown at all when a graphical theme is in use. Since cryptsetup has no knowledge of what plymouth theme is in use, a solution needs to be found here that works equally well for text and graphical plymouth themes.

I've rejected the package due to the above regression.

Surbhi Palande (csurbhi) wrote :

@Steve Langasek,
Thanks for your insight. I agree with your comments. I have uploaded a patch to plymouth::details/plugin.c to print only the last line of the password prompt.

Changed in plymouth (Ubuntu Natty):
milestone: none → natty-updates
Changed in plymouth (Ubuntu Oneiric):
status: New → Confirmed
importance: Undecided → High
Clint Byrum (clint-fewbar) wrote :

Hi Surbhi, in reviewing the upload to natty-proposed, I notice that the LP: bug reference is slightly mis-formatted, resulting in a few tools not picking up the bug reference, including dpkg, so there are no Launchpad-Bugs-Fixed: headers in your .changes file.

I hate to reject the package for such a nit, but this has some cascading effects so I am going to reject it. Please just add a space between : and # and re-upload, I'll accept right away (the rest looks good)

On Tue, Apr 26, 2011 at 06:46:38PM -0000, Clint Byrum wrote:
> Hi Surbhi, in reviewing the upload to natty-proposed, I notice that the
> LP: bug reference is slightly mis-formatted, resulting in a few tools
> not picking up the bug reference, including dpkg, so there are no
> Launchpad-Bugs-Fixed: headers in your .changes file.

> I hate to reject the package for such a nit, but this has some cascading
> effects so I am going to reject it. Please just add a space between :
> and # and re-upload, I'll accept right away (the rest looks good)

Reuploaded.

Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

Accepted plymouth into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in plymouth (Ubuntu Natty):
status: Confirmed → Fix Committed
tags: added: verification-needed
Simon Hirscher (codethief) wrote :

The bug hasn't disappeared for me, although I can say that there was one time (this morning) it actually didn't occur.

installed natty server clean and was able to reproduce the issue

after installing the proposed fix, lvm accepted the password without error

no regressions identified

v-done

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package plymouth - 0.8.2-2ubuntu23

---------------
plymouth (0.8.2-2ubuntu23) natty-proposed; urgency=low

  * details/plugin.c: On every key stroke, the "details" plugin in plymouth
    clears only the current line before overwriting it with the password
    prompt. If the prompt is multilined then the last line ends up being
    overwritten but the previous lines are repeated. Re-printing only the
    last line of the password prompt on every keystroke. (LP: #566818)
  * details/plugin.c: Removed the explicit printing of ':'. Expected to be a
    part of the prompt.
 -- Surbhi Palande <email address hidden> Thu, 21 Apr 2011 09:54:07 +0300
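
The redraw behaviour analysed in this thread (a two-line prompt, a console that erases only the current line, and the fix of re-printing only the last prompt line) can be reproduced with a small console model. This is an added example, not plymouth's code: the `ESC[2K` erase sequence, the screen model and all function names are assumptions made for illustration, and the prompt text is taken from the report.

```c
#include <stdio.h>
#include <string.h>

#define ROWS 16
#define COLS 64
/* Prompt as shown in the report: two lines separated by a newline. */
#define PROMPT "Unlocking the disk ... (sda5_crypt)\nEnter passphrase: "

/* Minimal text console: understands '\n', '\r' and ESC[2K (erase current line). */
struct screen { char cell[ROWS][COLS + 1]; int row, col; };

static void scr_write(struct screen *s, const char *p) {
    for (; *p; p++) {
        if (!strncmp(p, "\033[2K", 4)) { memset(s->cell[s->row], 0, COLS + 1); p += 3; }
        else if (*p == '\r') s->col = 0;
        else if (*p == '\n') { if (s->row < ROWS - 1) s->row++; s->col = 0; }
        else if (s->col < COLS) s->cell[s->row][s->col++] = *p;
    }
}

/* Redraw after a keystroke: erase the current line, print prompt and bullets.
 * last_line_only = 0 models the reported behaviour, 1 the fix from the changelog. */
static void redraw(struct screen *s, const char *prompt, int bullets, int last_line_only) {
    const char *nl = strrchr(prompt, '\n');
    if (last_line_only && nl) prompt = nl + 1;   /* keep only the text after the last newline */
    scr_write(s, "\033[2K\r");
    scr_write(s, prompt);
    while (bullets-- > 0) scr_write(s, "*");
}

/* Show the prompt once, type `keys` characters, count screen lines containing `needle`. */
static int count_after_typing(const char *prompt, int keys, int last_line_only, const char *needle) {
    struct screen s;
    int n = 0;
    memset(&s, 0, sizeof s);
    scr_write(&s, prompt);                       /* assumed: first display prints the full prompt */
    for (int k = 1; k <= keys; k++) redraw(&s, prompt, k, last_line_only);
    for (int r = 0; r < ROWS; r++) if (strstr(s.cell[r], needle)) n++;
    return n;
}

int main(void) {
    printf("full-prompt redraw, 4 keys: %d 'Unlocking' lines\n",
           count_after_typing(PROMPT, 4, 0, "Unlocking"));
    printf("last-line redraw,   4 keys: %d 'Unlocking' lines\n",
           count_after_typing(PROMPT, 4, 1, "Unlocking"));
    return 0;
}
```
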

Changed in plymouth (Ubuntu Natty):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Copied to oneiric as well.

Changed in plymouth (Ubuntu Oneiric):
status: Confirmed → Fix Released
ilf (ilf) wrote :

I can confirm the new package fixed the newline issue.

But my general problem from #3 remains:
"Now the amount of characters in the passphrase is echoed (with stars), before it was silent like sudo f.e."

The amount of characters typed is still displayed with stars, this should be empty.

On Fri, May 06, 2011 at 01:21:23PM -0000, ilf wrote:
> The amount of characters typed is still displayed with stars, this
> should be empty.

well, that's a separate request to change the behavior; please file a new
bug report for this.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

ilf (ilf) wrote :

So the cosmetic problem is fixed, the security issue ignored? Whoah.

Should the new bug be against plymouth or cryptsetup?

Steve Langasek (vorlon) wrote :

On Fri, May 06, 2011 at 05:07:26PM -0000, ilf wrote:
> So the cosmetic problem is fixed, the security issue ignored? Whoah.

I would hardly call this a security problem. It is, in any case, a design
decision common to *all* the plymouth themes - unlike this bug, which was
about an incorrect rendering issue with one particular theme.

> Should the new bug be against plymouth or cryptsetup?

Plymouth.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

ilf (ilf) wrote :

There's a reason sudo and cryptsetup don't echo anything. It's called security.

Anyways, here's the new bug: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/778659

Martin Pitt (pitti) wrote :

ilf [2011-05-06 18:00 -0000]:
> There's a reason sudo and cryptsetup don't echo anything. It's called
> security.

plymouth, gnome-keyring, network-manager, etc. do echo stars for
providing better visual feedback for verifying that keystrokes work,
etc., which reduces a lot of confusion.

Out of interest, in which use case does it improve security to not
show the length of the password? If someone is standing behind you
while you type a password, he will learn more from watching your
fingers on the keyboard or just listening for the number of
keystrokes. With remote EM gauging you can construct the contents of
the display just as well as the number of keystrokes on the keyboard.

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Hans Zehntner (j50k) wrote :

>Out of interest, in which use case does it improve security to not
>show the length of the password?

Just setting up Ubuntu Server 11.04 with Full Disk Encryption (through Installer).
Besides this annoying echoing, the password length is written to tty7, where anyone with physical access can read it long after booting up.

Martin Pitt (pitti) wrote :

Hans Zehntner [2011-05-16 15:13 -0000]:
> Besides this annoying echoing the password length is written to
> tty7, where anyone with physical access can read it long after
> booting up.

Then this is the bug we should fix, i. e. clear it after the password
was entered.

ilf (ilf) wrote :

This is only partly fixed.
When the prompt is cleared, it still prints a new line.
See hitting <ESC> when empty, or ^U at any stage.
