ecryptfs team mailing list archive

Thread
Date
[Bug 359997] Re: Improve record-your-passphrase dialog

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: PhysicsDan <beakdan@xxxxxxxxx>
Date: Wed, 10 Feb 2010 00:44:51 -0000
Reply-to: Bug 359997 <359997@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
It sounds like many people are making the same mistake I did: they read
the dialog, and believe that they are being ASKED for a passphrase that
will be used to encrypt their home folder.  In fact, that password has
ALREADY BEEN MADE, and this is merely giving you the opportunity to VIEW
that password so that you can record it for safekeeping.

There are two factors that contribute to this impression:

1) the dialog opens with "To encrypt your home directory or "Private"
folder" - the use of the word "to" at the beginning of the sentence
implies future tense- ie, the user believes that this is an action which
is ABOUT to occur, not one that has occurred already.

2) in the dialog, reference is made to "your user password", but after
clicking the button, the screen reads "Passphrase:", which further
implies that the user is ENTERING a passphrase that will be used for
encryption.

Yes, the dialog box does say "Enter your user password at the
"Passphrase" prompt.", but as a rule, people speed-read dialog boxes,
and so the overall impression can easily be the one many users have
expressed here.

I know that I believed I was being asked for a passphrase, which i
picked out, dutifully wrote down and then entered.  I was shocked that I
was only asked for it once- normally you're required to enter a new
password twice to eliminate spelling errors.  I received an error
message, but I thought that there was an error with the program, and
that I'd need to track the bug down later, but I didn't need to rush.
After all, since my files hadn't been encrypted yet, I could take care
of this at my leisure.

SUGGESTED FIX:

I'd suggest something that puts people in the right frame of mind from
the outset, a la:

********************************************
Congratulations!  Your home directory has been encrypted, and your personal data is secure in the event of theft or loss.  Usually your directory is unlocked with your user password, but if you ever need to manually recover this directory, you will need this passphrase. Please print or write it down and store it in a safe location.

To see your passphrase now, click the button below.  You will be required to enter your login password.  If you need to record your passphrase in the future, just run the "ecryptfs-unwrap-passphrase" command in a terminal.
=======================
See my passphrase now | Close without viewing passphrase |
=======================
*******************************************

I suggest that a change should be made to the "ecryptfs-unwrap-
passphrase" command so that it requests "Password for $USER".  If an
incorrect password is given, it should say "Sorry, try again".  This is
the expected behavior based on invoking sudo, and it's going to confuse
the user to switch behavior on them.

-- 
Improve record-your-passphrase dialog
https://bugs.launchpad.net/bugs/359997
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Fix Released
Status in “ecryptfs-utils” package in Ubuntu: Fix Released

Bug description:
After running 'update-manager -d', the 'Information Available' window opened and provided the following message:
=======================
Record your encryption passphrase
To encrypt your home directory or "Private" folder, a strong passphrase has been autogenerated. Usually your directory is unlocked with your user password, but if you ever need to manually recover this directory, you will need this passphrase. Please print or write it down and store it in a safe location.
You can run the "ecryptfs-unwrap-passphrase" command now to do this. Enter your user password at the "Passphrase" prompt.
=======================
Run this action now     |     Close            |
=======================

I don't believe I chose to encrypt my fs when I installed Jaunty!

So I click the 'Run this action now' button and get a terminal window prompt:
Passphrase:

I enter a passphrase, and the terminal disappears.  The previous 'information available' message remains on the screen and doesn't acknowledge that anything has happened.  In fact, I can press the 'Run this action now' button as many times as I like, and enter different passphrases.  I don't get the point of this.  

Also, after entering a passphrase, it doesn't confirm that I didn't make a typo by asking me to re-enter it.