MAC GUI AESCrypt : does not ask for confirmation password !!!

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
Post Reply
mastoppa
Posts: 1
Joined: Sun Jun 03, 2018 10:40 am

MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by mastoppa » Sun Jun 03, 2018 11:11 am

Hello and congratulations for the good work on AEScrypt!
I have just downloaded the Mac Gui for Aescrypt and noticed that when you encrypt a file the password is dotted and it doesnt ask to re-enter a confirmation !!!
Imagine if i have a 20 digit random passwords and i have to input it only once and without seeing it...EXTREMELY DANGEROUS!! one little mistake and paf file lost for ever!
i am quite surprised that no one has ever mentioned it!
obviously most of the people must be using for encrypting the command line script where the password can be written or it's asked 2 times...

ah and by the way in the manual about the command line is written that
"In all of the examples above, the password is provided on the command line. Since there are certain risks associated with that kind of usage, it may be preferred to let aescrypt prompt you to enter the password"

what are these risks ??

thanks!

User avatar
paulej
Posts: 525
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Sun Jun 03, 2018 3:06 pm

You're right that AES Crypt should be asking for the password twice for verification. It was done that way on both Windows and Linux. I'm not sure why it's not on Mac. You are the first person to raise the issue, and that is surprising.

When or if we can get an you're for Mac, I'll try to get that changed. At present, I don't have a new 64-bit Mac build. I don't own a Mac. Given it's free software, the project depends on interested developers. Right now, there's limited interest. There are lots of users, but few developers. It's a shame Apple doesn't offer the OS for sale for virtual machines.

I think the risks mentioned in the manual have to do with other processes or (on users multi-user systems) being able to read the list of running processes and get the password. On Linux, for example, the password will appear in the clear if used on the command line and one types "ps -ef" or "ps afx".

Sobzak
Posts: 1
Joined: Mon Jul 16, 2018 9:25 am

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by Sobzak » Mon Jul 23, 2018 11:27 am

Does that pose a security risk at the moment, Paul?

User avatar
paulej
Posts: 525
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Mon Jul 23, 2018 1:32 pm

That's not a security risk, but it's unfortunate in that a typo could mean a file is lost forever.

Until that gets fixed, I'd suggest encrypting, renaming the file, then trying to decrypt. Renaming the file is important to avoid over-writing the original file. Doesn't matter which file is renamed.

ColoKid
Posts: 1
Joined: Sun Aug 05, 2018 8:49 pm

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by ColoKid » Sun Aug 05, 2018 9:01 pm

Paul, I saw you mentioned running MacOS in a VM on Windows and I think it is possible per this site

https://www.pcsteps.com/2157-mac-os-x-v ... re-player/

This was a complex build but if you could get a High Sierra VM running on your PC then it might be possible to tackle the 32 bit to 64bit AESCrypt conversion us MacOS users are hoping for.

User avatar
paulej
Posts: 525
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Tue Aug 07, 2018 3:46 am

I'd do that if Apple would allow me to do it. It's illegal to use a pirated version of OS X and Apple refuses to sell a license for use on virtual machines.

Post Reply

Return to “AES Crypt”