seahorse asks for new passphrases just once
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| seahorse |
Confirmed
|
Unknown
|
|||
| seahorse (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: seahorse
When changing the passphrase used to encrypt a secret key, Seahorse asks you for the new passphrase using a "password" field (i.e., what you type isn't shown on the screen), and _doesn't_ ask for a confirmation (i.e., typing the passphrase twice).
Passphrases are supposed to be long, so it's very easy to mistype during one. So it's perfectly possible to turn your key unusable by encrypting it with a typo in your passphrase.
(I noticed this when I—of course—lost a password by mistyping a passphrase in the "change passphrase" dialog. I'm sure the same applies for creating new keys, though it's less grave because you have a chance to notice before you use the key. The changing passphrase is nasty because you can loose a valuable key this way.)
Note: While theoretically you could find the passphrase when you know the intended one and that the difference is just a small typo, by brute-force search around the correct passphrase, there are no tools readily available to do that.
| Andrew Starr-Bochicchio (andrewsomething) wrote | #1 |
| Changed in seahorse: | |
| status: | Unknown → Confirmed |
Linked upstream bug report.