http://bugzilla.novell.com/show_bug.cgi?id=538853 Summary: Incorrect password in LUKS (encrypted /home) results in erroneous behavior Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 7 Platform: x86 OS/Version: All Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: geo@ulduzsoft.com QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090714 SUSE/3.5.1-3.1 Firefox/3.5.1 If a /home is created encrypted, LUKS is asking a password during the boot before /home is mounted. If the password is incorrect, it immediately asks for another password again, but in 3-5 seconds an error (cannot insert module) pops up, entered part of password is cleared, and the LUKS us asked for password again. If the password is still being typed at the moment the error is shown, everything typed is shown on screen. Tried with 18-character password. Now if the correct password is entered, LUKS still shows "enter the password:" prompt, which then gets disregarded automatically once the volume is unlocked. This confuses users. Reproducible: Always Steps to Reproduce: 1. Create an installation with encrypted /home. Use long (18-20 characters) password. 2. Once rebooted, type the part of password, type a wrong letter, then press "enter" to disregard the old password (typical user behavior when they cannot remember how many times they actually typed the letter) 3. When a new "enter the password" line is shown, immediately try to enter it again (try to type 2-3 keys a second). At some point there will be an error message, and all the keys pressed at this moment will be shown on screen (security issue). Then another "enter the password" line shows on screen, and you have to retype everything again. 4. If now you type a valid password, you'll see the "enter the password" line again. It will disappear in a few seconds, but it confuses users. Expected Results: It should only show "enter the password" line when it's actually reading the password from the terminal. It should not show this line before the password has been verified (in this case no line should be shown) or found invalid (in this case the line should only be shown after the password is known to be invalid). As a side note, the "error loading kernel module" and "no slots unlocked" are hard to understand for a regular user. Some "invalid password" message would be helpful. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.