#22 Not-display password mechanisms for encripted archives

closed
nobody
None
5
2008-07-07
2008-07-07
Date
No

There is security bug in creation method of encripted archives: password for it's is stored in shell history.

Therefore I want to suggest two ways to correct it:
1) autoerase command line from history after archive created.
2) enquiry for password to encript with "no echo" manner.

Discussion

  • my space
    my space
    2008-07-07

    • status: open --> closed
     
  • my space
    my space
    2008-07-07

    Logged In: YES
    user_id=336051
    Originator: NO

    I agree that a command like : 7za a -pmy_password archive.7z a_file
    is stored in shell history.

    If you want "no echo" manner : 7za a -p archive.7z a_file
    and ask to "Enter password (will not be echoed)" to enter your password.

     
  • wnefal
    wnefal
    2013-01-28

    It is not only in history, it is also visible in the processlist which makes it impossible to use it in scripts in a safe way.

    For the history thing, with bash for example you can disable history

    $ HISTCONTROL=ignorespace
    $ 7za

    (Note the space at the beginning of the line)