Password security on the command line
Password security on the command line
I have a concern that may need to be a feature request, but I wanted to get a feel for how relevant it was here first. It appears to me that the only method to supply a password to fsarchiver for encryption/decryption is to pass it in plaintext on the command line via the -c option. Unless the user goes out of their way to avoid it, this leaves the plaintext password rattling around in .bash_history. Is there a way to get fsarchiver to prompt for the password securely after the command is run? If not, is there another way to handle this that might alleviate my worries?
Re: Password security on the command line
This trivial modification has been added the the stable branch in the git repository, and it will be part of fsarchiver-0.6.11.
You just have to use "-c -" and it will prompt for a password in the terminal.
You can get the sources this way:
You just have to use "-c -" and it will prompt for a password in the terminal.
You can get the sources this way:
Code: Select all
cd /var/tmp
git clone git://fsarchiver.git.sourceforge.net/gitroot/fsarchiver/fsarchiver fsarchiver-git
cd fsarchiver-git
git checkout stable
./autogen.sh && ./configure && make
Re: Password security on the command line
Awesome! Thank you.
Re: Password security on the command line
Good, could you test it and confirm that it works for you ?
It should ask the password twice when you create an archive, and once when you restore it.
Of course it should complain if the two passwords are not the same or too short/long.
It should ask the password twice when you create an archive, and once when you restore it.
Of course it should complain if the two passwords are not the same or too short/long.
Re: Password security on the command line
Certainly - it may take me a week or so however. I'll let you know how it goes.
Re: Password security on the command line
fsarchiver-0.6.11 has been released (as well as SystemRescueCd-1.6.4 which has it) and it has that feature.
Re: Password security on the command line
Apologies for not getting back to you, but I've been using this feature ever since and it works like a charm. Thanks again.