MAC GUI AESCrypt : does not ask for confirmation password !!!

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
mastoppa
Posts: 1
Joined: Sun Jun 03, 2018 10:40 am

Post by mastoppa » Sun Jun 03, 2018 11:11 am

Hello and congratulations for the good work on AEScrypt!
I have just downloaded the Mac GUI for Aescrypt and noticed that when you encrypt a file the password is dotted and it doesn't ask to re-enter a confirmation!!!
Imagine if I have a 20 digit random password and I have to input it only once and without seeing it... EXTREMELY DANGEROUS!! One little mistake and paf, file lost forever!
I am quite surprised that no one has ever mentioned it!
Obviously most people must be using the command line script for encrypting, where the password can be written or it's asked 2 times...

Ah, and by the way, in the manual about the command line it is written that
"In all of the examples above, the password is provided on the command line. Since there are certain risks associated with that kind of usage, it may be preferred to let aescrypt prompt you to enter the password"

What are these risks?

Thanks!

paulej
Posts: 516
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Sun Jun 03, 2018 3:06 pm

You're right that AES Crypt should be asking for the password twice for verification. It was done that way on both Windows and Linux. I'm not sure why it's not on Mac. You are the first person to raise the issue, and that is surprising.

When or if we can get an you're for Mac, I'll try to get that changed. At present, I don't have a new 64-bit Mac build. I don't own a Mac. Given it's free software, the project depends on interested developers. Right now, there's limited interest. There are lots of users, but few developers. It's a shame Apple doesn't offer the OS for sale for virtual machines.

I think the risks mentioned in the manual have to do with other processes or users (on multi-user systems) being able to read the list of running processes and get the password. On Linux, for example, the password will appear in the clear if used on the command line and one types "ps -ef" or "ps afx".
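
The two points raised in this thread, as an added example that is not part of the original posts or of AES Crypt's own code: an audit of a process listing for aescrypt invocations that carry the password in their arguments, and a no-echo prompt that requires the password to be entered twice. The `ps` sample is constructed, and the function names are hypothetical.

```python
import getpass
import hmac

# Constructed sample of `ps -eo user,pid,args` output (not from the thread).
SAMPLE_PS = """\
alice  4121 aescrypt -e -p CorrectHorse9 report.pdf
bob    4207 aescrypt -d backup.tar.aes
carol  4388 vim notes.txt
dave   4410 /usr/bin/aescrypt -e -pTr0ub4dor budget.xls
"""

def exposed_invocations(ps_output):
    """Return (user, pid) for each aescrypt process with a password in argv."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        user, pid, args = parts
        argv = args.split()
        if argv[0].rsplit("/", 1)[-1] != "aescrypt":
            continue
        # "-p secret" or the attached form "-psecret" (attached form assumed
        # to be accepted, as with getopt-style option parsing).
        if any(a.startswith("-p") for a in argv[1:]):
            hits.append((user, int(pid)))  # report who and where, never the secret
    return hits

def prompt_new_password(ask=getpass.getpass, attempts=3):
    """Prompt twice without echo; return the password only if both entries match."""
    for _ in range(attempts):
        first = ask("Enter password: ")
        second = ask("Re-enter password: ")
        # Reject empty input; a typo in either entry forces a fresh pair.
        if first and hmac.compare_digest(first.encode(), second.encode()):
            return first
    raise ValueError("password entries did not match")

if __name__ == "__main__":
    print(exposed_invocations(SAMPLE_PS))
```

Because the password from `prompt_new_password` never appears in any process's argument list, it does not show up in `ps` output the way the flagged invocations do.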
