VeraCrypt icon indicating copy to clipboard operation
VeraCrypt copied to clipboard

Published 20 hours ago verified publisher icon veracrypt

PIM is exposed during command-line mode input

Open nemoinis opened this issue 3 years ago • 2 comments

(this is transferred from SourceForge Veracrypt Ticket #421)

veracrypt's GUI hides the PIM number (if used) during input; veracrypt's documentation warns about passing the PIM as a command-line option: "Note that passing a PIM on the command line is potentially insecure as the PIM may be visible in the process list (see ps(1)) and/or stored in a command history file or system logs"

However, veracrypt command line mode with the --text option, echoes the PIM number as it is typed in the terminal (whereas the password is properly hidden during input.)

This is Veracrypt 1.24Update7 on Debian/Ubuntu.

nemoinis avatar Apr 01 '21 17:04 nemoinis

Keyring is a good way to store secrets in OS-s. https://stackoverflow.com/questions/14756352/how-is-python-keyring-implemented-on-windows

mrx23dot avatar Feb 21 '22 09:02 mrx23dot

Keyring is a good way to store secrets in OS-s. https://stackoverflow.com/questions/14756352/how-is-python-keyring-implemented-on-windows What does this have to do with my bug report? I'm reporting a specific issue with VC on Linux, not inquiring about other software on other operating systems.

nemoinis avatar Feb 24 '22 18:02 nemoinis