F5 revealing failed boot auth password
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hi all,
I have installed on HP Elitebook 475 G5 VeraCrypt 1.24-Hotfix-1.
In the boot password phase , it´s very slow on typing the password, so lot of times it happens some key is missed...as I been "too fast".
So when you ie type word "failure" , some character would get lost, and pre-boot auth fails... Only when really typing extremely slow, no characters dissapear. Regardless if writing on the laptop keyboard, or USB via docking station - same result, very slow response and lost character(s)...
Pressing after the failed password verficication the F5 key, (to see what you type), will directly reveal what you typed as password before, what I consider as a major bug - as I have to type password visible, and it shows immediately the failed pass without ability to hide, except to turn off (takes some moment).
Anyone else having this problem?
On different machine (older HP box) with 1.23-Hotfix2 , I do not have this type of behaviour.Typing there a wrong password, and pressing F5 doesn´t print anything.
Hi,
Thank you for sharing this.
I have actually received a private email with a similar report few days ago (was it you?) and I have already implemented a fix for it since this is indeed a bug in the EFI bootloader (https://github.com/veracrypt/VeraCrypt-DCS/commit/1921b89c48680ec0a180adeaab26a23c3e5a3f72).
I have submitted the new EFI bootloader for signing and I'm delaying 1.24-update2 release until I receive it.
Concerning the lost characters in password, this is known to happen with some keyboards that send keys too fast even if the user is not typing very fast (probably they do batch sending). In the EFI bootloader, we have set a 100ms minimal type between 2 key strokes in order to fix issues with keyboards which sends key strokes in double (https://github.com/veracrypt/VeraCrypt-DCS/blob/master/Library/PasswordLib/ConsolePassword.c#L52). So, a key will be ignored if it arrives less than 100 ms after the previous one. This limit works well in the majority of cases and it is the best trade-off we have found. Probably, we can add an option in the future to disable this protection and read keys as they arrive which is know to cause more widespread issues.
Hi Mounir,
I have question about "100ms minimal type between 2 key strokes".
I have plan to use YubiKey for system encryption (my Laptop),
and my boot password have 30 character.
YubiKey will send my boot password immediately to VeraCrypt bootloader, please tell me is it possible to use YubiKey with VeraCrypt regarding "100ms minimal type between 2 key strokes" ?
Thanks :)
@tulip-81: there a are reports of issues with Yubikey linked to this 100ms since Yubikey support a maximum of 60 ms between keystrokes. I have just posted an answer to a thread relared to this issue: https://sourceforge.net/p/veracrypt/discussion/general/thread/4d99b60aa6/#b817
So, until I can do modifications to handle this, it looks like it is possible that you may have issues.
Mounir, thank you for your help :)
Hi Mounir,
that are indeed good news, waiting for the update! And no, I have not wrote a email according my memory, so has to be somebody else.
Any improvement on the typing problem will be very welcome:)
Many thanks!
After upate to 1.24 Update2 the problem with revealing the password is fixed:) Many thanks!
Now as well to get the typing speed improved (if possible) and I´m 100% happy:)