#22 Not-display password mechanisms for encripted archives

closed
nobody
None
5
2008-07-07
2008-07-07
Date
No

There is security bug in creation method of encripted archives: password for it's is stored in shell history.

Therefore I want to suggest two ways to correct it:
1) autoerase command line from history after archive created.
2) enquiry for password to encript with "no echo" manner.

Discussion

  • my space

    my space - 2008-07-07
    • status: open --> closed
     
  • my space

    my space - 2008-07-07

    Logged In: YES
    user_id=336051
    Originator: NO

    I agree that a command like : 7za a -pmy_password archive.7z a_file
    is stored in shell history.

    If you want "no echo" manner : 7za a -p archive.7z a_file
    and ask to "Enter password (will not be echoed)" to enter your password.

     
  • wnefal

    wnefal - 2013-01-28

    It is not only in history, it is also visible in the processlist which makes it impossible to use it in scripts in a safe way.

    For the history thing, with bash for example you can disable history

    $ HISTCONTROL=ignorespace
    $ 7za

    (Note the space at the beginning of the line)

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks