Public bug reported:
Binary package hint: seahorse
When changing the passphrase used to encrypt a secret key, Seahorse asks
you for the new passphrase using a "password" field (i.e., what you type
isn't shown on the screen), and _doesn't_ ask for a confirmation (i.e.,
typing the passphrase twice).
Passphrases are supposed to be long, so it's very easy to mistype during
one. So it's perfectly possible to turn your key unusable by encrypting
it with a typo in your passphrase.
(I noticed this when I—of course—lost a password by mistyping a
passphrase in the "change passphrase" dialog. I'm sure the same applies
for creating new keys, though it's less grave because you have a chance
to notice before you use the key. The changing passphrase is nasty
because you can loose a valuable key this way.)
Note: While theoretically you could find the passphrase when you know
the intended one and that the difference is just a small typo, by brute-
force search around the correct passphrase, there are no tools readily
available to do that.
** Affects: seahorse (Ubuntu)
Importance: Undecided
Status: New
--
seahorse asks for new passphrases just once
https://bugs.launchpad.net/bugs/190278
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
