Don't print user-unfriendly luks key at unlock prompt
Open, LowPublic

Description

"Please unlock disk luks-2312392131231-12312-123123" → "Please unlock your device"

d3vid added a subscriber: d3vid.May 18 2018, 10:15 AM

Is it possible to just make the name friendlier? Perhaps name it on installation ($SYSTEMNAME-disk) or display it like a credit card: "disk ending -1234".

This assumes that the name is authenticated in some way. If not, displaying the name is pointless.

Thanks for your input :)

Unfortunately, leaking the name of the system would probably leak the user's name which seems sub-optimal from a privacy point of view.

I did also try truncating the long names too but it was still unfriendly compared to the far slicker:

(ie. saying -1234 is really kinda useless to the end user and is overly distracting detail)

You can always get the entire, full, nerdy details if you press ESC.

User-friendly or paranoid? Why not both? Sounds great :D

(I think I'm misparsing, we can get both with the above!)

I understand, my comment was meant to be, er, self-answering or something.

I spoke with the cryptroot maintainers in Debian and they are planning a bit of rewrite within the next week, so I won't immediately work on this as the patches won't apply.

d3vid added a comment.Nov 22 2018, 6:35 PM

Non-urgent ping? Every time I boot I'm hoping to see it. (Only after an upgrade, otherwise that would be *truly* wishful thinking.)

ACK and I even looked at this ticket yesterday - we are still semi-blocking on the cryptroot and other refactorings in the Debian stuff but after that we will be able to merge this quickly. :)

and, as luck has it, we have movement there:

https://tracker.pureos.net/T462#11530

Add Comment