Password security on the command line

[furball4]

I have a concern that may need to be a feature request, but I wanted to get a feel for how relevant it was here first. It appears to me that the only method to supply a password to fsarchiver for encryption/decryption is to pass it in plaintext on the command line via the -c option. Unless the user goes out of their way to avoid it, this leaves the plaintext password rattling around in .bash_history. Is there a way to get fsarchiver to prompt for the password securely after the command is run? If not, is there another way to handle this that might alleviate my worries?

[admin]

This trivial modification has been added the the stable branch in the git repository, and it will be part of fsarchiver-0.6.11.
You just have to use "-c -" and it will prompt for a password in the terminal.

You can get the sources this way:

Code: Select all

cd /var/tmp
git clone git://fsarchiver.git.sourceforge.net/gitroot/fsarchiver/fsarchiver fsarchiver-git
cd fsarchiver-git
git checkout stable
./autogen.sh && ./configure && make

[furball4]

Awesome! Thank you.

[admin]

Good, could you test it and confirm that it works for you ?
It should ask the password twice when you create an archive, and once when you restore it.
Of course it should complain if the two passwords are not the same or too short/long.

[furball4]

Certainly - it may take me a week or so however. I'll let you know how it goes.

[admin]

fsarchiver-0.6.11 has been released (as well as SystemRescueCd-1.6.4 which has it) and it has that feature.

[furball4]

Apologies for not getting back to you, but I've been using this feature ever since and it works like a charm. Thanks again.