-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
implement showing password prompt if password not provided #21
Conversation
implements feature cryptomator#11
String password = ""; | ||
Console console = System.console(); | ||
if (console == null) { | ||
LOG.warn("No console: non-interactive mode, instead use insecure replacement, PW is shown!"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this warning :)
Looks good so far. Nice clean style. @markuskreusch will do a full review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All fine except usage of isRegularFile. I know we did that before those changes but if we touch the code anyway we can just fix it.
|
||
@Override | ||
public void validate() throws IllegalArgumentException { | ||
if (!Files.isReadable(pathToFile) || !Files.isRegularFile(pathToFile)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
isRegularFile
is not a valid way to check if a path belongs to a file. This could cause problems in some (rare) cases.
@overheadhunter Remeber what we currently use as replacement for isRegularFile
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, if there is something you prefer, so tell me.
This condition is currently used in:
if (Files.isReadable(vaultPasswordPath) && Files.isRegularFile(vaultPasswordPath)) { |
so this line is just copied and negated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remeber what we currently use as replacement for isRegularFile?
We're using Files.isReadable()
now.
@@ -133,4 +114,26 @@ public static void printUsage() { | |||
new HelpFormatter().printHelp(USAGE, OPTIONS); | |||
} | |||
|
|||
public PasswordStrategy addPasswortStrategy(final String vaultName) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if we actually need this method. I am aware it is used in CryptomatorCli.validate
but in fact think we should move the whole validation stuff into the Args class. Args.parse
should fail with exceptions if the provided args are invalid.
Nothing to be done in the related PR though, so OK for now.
LOG.warn("No console: non-interactive mode, instead use insecure replacement, PW is shown!"); | ||
|
||
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); | ||
LOG.info("Enter password: "); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Printing the prompt through a LOG
call only works well if logging is done to stdout. Maybe we should explicitly use stdout / the console to prompt for the password? Not a problem as long as we do logging the way we do it now. So must not be adressed to merge this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, I will change this.
@markuskreusch I want to ask you about the time point the password is entered in the case password is read from standard input What do you think? |
Of course we try to have the password as short a time as possible in memory, but even afterwards the derived key would be in memory for as long as the vault is unlocked. An attacker able to create memory dumps would still be able to use this key to decrypt the data. In other words, if the machine is already compromised, all is lost. So in my opinion it is acceptable to have the password in memory for a longer period, if it serves a purpose. |
@markuskreusch, @overheadhunter hi, could you have a look at the changes |
I am really sorry for the delay. Forgot about this during the holidays. |
implements feature #11