implement showing password prompt if password not provided #21
Conversation
implements feature cryptomator#11
|
|
| String password = ""; | ||
| Console console = System.console(); | ||
| if (console == null) { | ||
| LOG.warn("No console: non-interactive mode, instead use insecure replacement, PW is shown!"); |
|
Looks good so far. Nice clean style. @markuskreusch will do a full review |
|
|
||
| @Override | ||
| public void validate() throws IllegalArgumentException { | ||
| if (!Files.isReadable(pathToFile) || !Files.isRegularFile(pathToFile)) { |
There was a problem hiding this comment.
isRegularFile is not a valid way to check if a path belongs to a file. This could cause problems in some (rare) cases.
@overheadhunter Remeber what we currently use as replacement for isRegularFile?
There was a problem hiding this comment.
OK, if there is something you prefer, so tell me.
This condition is currently used in:
so this line is just copied and negated
There was a problem hiding this comment.
Remeber what we currently use as replacement for isRegularFile?
We're using Files.isReadable() now.
| @@ -133,4 +114,26 @@ public static void printUsage() { | |||
| new HelpFormatter().printHelp(USAGE, OPTIONS); | |||
| } | |||
|
|
|||
| public PasswordStrategy addPasswortStrategy(final String vaultName) { | |||
There was a problem hiding this comment.
Not sure if we actually need this method. I am aware it is used in CryptomatorCli.validate but in fact think we should move the whole validation stuff into the Args class. Args.parse should fail with exceptions if the provided args are invalid.
Nothing to be done in the related PR though, so OK for now.
| LOG.warn("No console: non-interactive mode, instead use insecure replacement, PW is shown!"); | ||
|
|
||
| BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); | ||
| LOG.info("Enter password: "); |
There was a problem hiding this comment.
Printing the prompt through a LOG call only works well if logging is done to stdout. Maybe we should explicitly use stdout / the console to prompt for the password? Not a problem as long as we do logging the way we do it now. So must not be adressed to merge this.
There was a problem hiding this comment.
You are right, I will change this.
|
@markuskreusch I want to ask you about the time point the password is entered in the case password is read from standard input What do you think? |
Of course we try to have the password as short a time as possible in memory, but even afterwards the derived key would be in memory for as long as the vault is unlocked. An attacker able to create memory dumps would still be able to use this key to decrypt the data. In other words, if the machine is already compromised, all is lost. So in my opinion it is acceptable to have the password in memory for a longer period, if it serves a purpose. |
|
@markuskreusch, @overheadhunter hi, could you have a look at the changes |
|
I am really sorry for the delay. Forgot about this during the holidays. |
implements feature #11