andOTP icon indicating copy to clipboard operation
andOTP copied to clipboard

Published 20 hours ago verified publisher icon andOTP

Default backup password can be less than len(6)

Open trysten opened this issue 2 years ago • 1 comments

General information

  • App version: 0.9.0.1-play
  • Android Version: 9

Expected result

What is expected? password length requirement is enforced everywhere

What does happen instead? minimum length is not enforced in Settings -> Backup Password

Steps to reproduce

  • Go to settings -> Backup Password and set a short password (len<6)

This is the continuation of my comment on #168. I assume this is how I got myself into that situation. I'm still thinking that the cheap hack of removing the length limit on the decryption secret entry is a good way to prevent more user frustration. We don't know how many backups with short secrets are out there.

trysten avatar Dec 17 '21 20:12 trysten

I wanna try to fix this. @flocke, is it ok to disable the length validation when attempting to restore an encrypted backup? Then we also enable the missing length validation in Settings -> Backup password.

UPDATE: I'm halfway through. Already disabled the length validation when in ENTER mode, but not when in UPDATE mode. Now I just gotta add the missing validation.

o-alquimista avatar Feb 04 '22 22:02 o-alquimista