duplicity-talk

Re: [Duplicity-talk] Password input double check?


From: Ben Escoto
Subject: Re: [Duplicity-talk] Password input double check?
Date: Wed, 13 Aug 2003 23:22:57 -0700

>>>>> "DR" == David Rigel <address@hidden>
>>>>> wrote the following on Wed, 13 Aug 2003 23:44:07 +0200

  DR> Hi I've searched the mail archives about this topic with no
  DR> luck. However, I guess that this must have been commented
  DR> before. Sorry if this is a dupe.

Nope, it's new to me, although maybe a no-brainer in retrospect.

  DR>  When making a backup, the function get_passphrase() reads the
  DR> user password used to encrypt the file. If the environment
  DR> variable PASSPHRASE is not set, then it tries to get it from
  DR> user using getpass.

  DR>  The problem is: it does not double check it! What if the user
  DR> misspells the passphrase? Then the backup is useless
  DR> (unrecoverable). That's why GPG asks twice for the
  DR> passphrase. It aborts when the strings do not match. And note
  DR> that this is quite a common issue when using long passphrases.

I guess I was never bothered by this because I would never type my
passphrase in.  But fixed now in CVS I think.  You can get the patch
at:

http://savannah.nongnu.org/cgi-bin/viewcvs/duplicity/duplicity/duplicity-bin.diff?r1=1.16&r2=1.17

(Apply it to your "duplicity" script if you have the packaged version
and not CVS.)


-- 
Ben Escoto
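
The behaviour discussed in this message, as an added example: it is not the patch at the CVS link above and not duplicity's own code. It reads PASSPHRASE from the environment and otherwise prompts twice through getpass, retrying on a mismatch. The `confirm`, `env`, `prompt` and `max_tries` parameters, the `PassphraseMismatch` exception and the prompt strings are assumptions made for illustration.

```python
import getpass
import os
import sys


class PassphraseMismatch(Exception):
    """Raised when the two typed passphrases never agree."""


def get_passphrase(confirm, env=None, prompt=getpass.getpass, max_tries=3):
    """Return the passphrase from PASSPHRASE, or prompt the user for it.

    confirm:   True when encrypting a new backup, where a typo would leave
               the archive unrecoverable; False skips the second prompt
               (assumed here for restores, where a typo only fails decryption).
    env:       mapping to read PASSPHRASE from (defaults to os.environ).
    prompt:    callable taking a prompt string; injectable so the logic
               can be exercised without a terminal.
    max_tries: number of prompt rounds before giving up.
    """
    env = os.environ if env is None else env
    if "PASSPHRASE" in env:
        # Non-interactive use: nothing was typed, so nothing to confirm.
        return env["PASSPHRASE"]

    for _ in range(max_tries):
        first = prompt("GnuPG passphrase: ")
        if not confirm:
            return first
        second = prompt("Retype passphrase to confirm: ")
        if first == second:
            return first
        # Never echo either entry back; only report that they differ.
        sys.stderr.write("Passphrases do not match, try again.\n")

    # Abort rather than encrypt with a passphrase the user may not know.
    raise PassphraseMismatch(
        "no matching passphrase after %d tries" % max_tries)


if __name__ == "__main__":
    try:
        get_passphrase(confirm=True)
        print("Passphrase confirmed.")
    except PassphraseMismatch as exc:
        sys.exit("Aborting backup: %s" % exc)
```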
