Page 1 of 1

Password security on the command line

Posted: Sun Oct 31, 2010 8:49 am
by furball4
I have a concern that may need to be a feature request, but I wanted to get a feel for how relevant it was here first. It appears to me that the only method to supply a password to fsarchiver for encryption/decryption is to pass it in plaintext on the command line via the -c option. Unless the user goes out of their way to avoid it, this leaves the plaintext password rattling around in .bash_history. Is there a way to get fsarchiver to prompt for the password securely after the command is run? If not, is there another way to handle this that might alleviate my worries?

Re: Password security on the command line

Posted: Sun Nov 21, 2010 4:33 pm
by admin
This trivial modification has been added the the stable branch in the git repository, and it will be part of fsarchiver-0.6.11.
You just have to use "-c -" and it will prompt for a password in the terminal.

You can get the sources this way:

Code: Select all

cd /var/tmp
git clone git://fsarchiver.git.sourceforge.net/gitroot/fsarchiver/fsarchiver fsarchiver-git
cd fsarchiver-git
git checkout stable
./autogen.sh && ./configure && make

Re: Password security on the command line

Posted: Sun Nov 21, 2010 7:26 pm
by furball4
Awesome! Thank you.

Re: Password security on the command line

Posted: Sun Nov 21, 2010 10:28 pm
by admin
Good, could you test it and confirm that it works for you ?
It should ask the password twice when you create an archive, and once when you restore it.
Of course it should complain if the two passwords are not the same or too short/long.

Re: Password security on the command line

Posted: Mon Nov 22, 2010 4:52 am
by furball4
Certainly - it may take me a week or so however. I'll let you know how it goes.

Re: Password security on the command line

Posted: Wed Dec 01, 2010 12:04 pm
by admin
fsarchiver-0.6.11 has been released (as well as SystemRescueCd-1.6.4 which has it) and it has that feature.

Re: Password security on the command line

Posted: Thu Dec 27, 2012 4:53 am
by furball4
Apologies for not getting back to you, but I've been using this feature ever since and it works like a charm. Thanks again.