MAC GUI AESCrypt : does not ask for confirmation password !!!

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
mastoppa
Posts: 1
Joined: Sun Jun 03, 2018 10:40 am

MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by mastoppa » Sun Jun 03, 2018 11:11 am

Hello and congratulations for the good work on AEScrypt!
I have just downloaded the Mac GUI for AES Crypt and noticed that when you encrypt a file the password is dotted and it doesn't ask to re-enter a confirmation!!!
Imagine if I have a 20-digit random password and I have to input it only once and without seeing it... EXTREMELY DANGEROUS!! One little mistake and paf, file lost forever!
I am quite surprised that no one has ever mentioned it!
Obviously most people must be using the command line script for encrypting, where the password can be written or it's asked 2 times...

Ah, and by the way, in the manual about the command line it is written that
"In all of the examples above, the password is provided on the command line. Since there are certain risks associated with that kind of usage, it may be preferred to let aescrypt prompt you to enter the password"

What are these risks??

thanks!

paulej
Posts: 522
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Sun Jun 03, 2018 3:06 pm

You're right that AES Crypt should be asking for the password twice for verification. It was done that way on both Windows and Linux. I'm not sure why it's not on Mac. You are the first person to raise the issue, and that is surprising.

When or if we can get an you're for Mac, I'll try to get that changed. At present, I don't have a new 64-bit Mac build. I don't own a Mac. Given it's free software, the project depends on interested developers. Right now, there's limited interest. There are lots of users, but few developers. It's a shame Apple doesn't offer the OS for sale for virtual machines.

I think the risks mentioned in the manual have to do with other processes or users (on multi-user systems) being able to read the list of running processes and get the password. On Linux, for example, the password will appear in the clear if used on the command line and one types "ps -ef" or "ps afx".
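
The exposure described in the reply above can be checked for on a host. The following is an added example, not part of the original post and not AES Crypt code: it scans process-list lines for aescrypt invocations that carry `-p` and reports the PID and user without echoing the password. The function name and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not AES Crypt code): find aescrypt processes whose
# password is readable in the process list by other local users.

# Reads lines laid out like `ps -eo pid,user,args` on stdin and prints
# "PID USER" for each aescrypt invocation that carries "-p <password>".
# The password itself is never printed.
find_exposed_aescrypt() {
  awk '{
    n = split($3, path, "/")            # $3 is the executable
    if (path[n] != "aescrypt") next     # match on basename only
    for (i = 4; i < NF; i++)
      if ($i == "-p") { print $1, $2; next }
  }'
}

# Constructed sample input; the passwords are placeholders.
SAMPLE_PS='  PID USER     COMMAND
 4121 alice    /usr/bin/aescrypt -e -p CONSTRUCTED-PASS-1 notes.txt
 4188 bob      aescrypt -d backup.tar.aes
 4200 carol    vim aescrypt-notes.txt
 4312 dave     aescrypt -d -p CONSTRUCTED-PASS-2 -o out.bin out.bin.aes'

printf '%s\n' "$SAMPLE_PS" | find_exposed_aescrypt
```

On a live system the same check is `ps -eo pid,user,args | find_exposed_aescrypt`; the header line is skipped because its third field is not an executable name.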

Sobzak
Posts: 1
Joined: Mon Jul 16, 2018 9:25 am

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by Sobzak » Mon Jul 23, 2018 11:27 am

Does that pose a security risk at the moment, Paul?

paulej
Posts: 522
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Mon Jul 23, 2018 1:32 pm

That's not a security risk, but it's unfortunate in that a typo could mean a file is lost forever.

Until that gets fixed, I'd suggest encrypting, renaming the file, then trying to decrypt. Renaming the file is important to avoid over-writing the original file. Doesn't matter which file is renamed.
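
The encrypt-then-test-decrypt check suggested above, scripted for the command-line tool. This is an added example, not part of the original post and not AES Crypt code: instead of renaming, it decrypts to a scratch path with `-o` so the original cannot be overwritten, and it assumes `aescrypt` is on the PATH. The `AESCRYPT` variable and the function name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not AES Crypt code): encrypt a file, then prove the result
# decrypts back to the original before anyone deletes the plaintext.

# AESCRYPT is a hypothetical override for the binary name (assumption).
AESCRYPT=${AESCRYPT:-aescrypt}

encrypt_and_verify() {
  local src enc tmpdir
  src=$1
  enc="$src.aes"
  [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
  if [ -e "$enc" ]; then
    echo "refusing to overwrite existing $enc" >&2
    return 2
  fi
  # mktemp -d creates a directory only the current user can read; the
  # decrypted check copy is plaintext, so it is removed on every path.
  tmpdir=$(mktemp -d) || return 2

  # No -p: aescrypt prompts, so the password never appears in argv.
  # Typing it again at the decrypt prompt is the confirmation step.
  if "$AESCRYPT" -e "$src" &&
     "$AESCRYPT" -d -o "$tmpdir/check" "$enc" &&
     cmp -s "$src" "$tmpdir/check"; then
    rm -rf "$tmpdir"
    echo "verified: $enc decrypts back to $src"
    return 0
  fi

  # A mistyped password at either prompt lands here: drop the unusable
  # .aes file and leave the original untouched.
  rm -rf "$tmpdir"
  rm -f "$enc"
  echo "verification failed: $src kept, $enc removed" >&2
  return 1
}

# Run as: ./verify.sh somefile
if [ "$#" -eq 1 ]; then encrypt_and_verify "$1"; fi
```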

ColoKid
Posts: 1
Joined: Sun Aug 05, 2018 8:49 pm

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by ColoKid » Sun Aug 05, 2018 9:01 pm

Paul, I saw you mentioned running MacOS in a VM on Windows and I think it is possible per this site

https://www.pcsteps.com/2157-mac-os-x-v ... re-player/

This was a complex build but if you could get a High Sierra VM running on your PC then it might be possible to tackle the 32 bit to 64bit AESCrypt conversion us MacOS users are hoping for.

paulej
Posts: 522
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Tue Aug 07, 2018 3:46 am

I'd do that if Apple would allow me to do it. It's illegal to use a pirated version of OS X and Apple refuses to sell a license for use on virtual machines.

arnaud.mar
Posts: 4
Joined: Wed Dec 12, 2018 9:40 am

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by arnaud.mar » Wed Dec 12, 2018 10:54 am

Hi,
This is the first thing that I noticed when I loaded the program for the first time. (password asked only once)

This problem could be fixed by changing the code (the program is based on an applescript code)

I would edit the 2 files :

AESCrypt.app/Contents/Resources/Scripts/main.scpt
and
AESCrypt.app/Contents/Resources/Scripts/main.applescript

and change the code this way :

    on open argv
        try
            set tFile to argv -- or use an alias to any file
            set tPath to quoted form of (POSIX path of tFile) -- the shell's form. quoted form of is required if the path might include spaces.
            set tName to name of (info for tFile) -- standard AppleScript
            set my_extension to ""
            set _length to (count of tName)
            if _length > 4 then
                set my_extension to text ((the number of characters of tName) - 3) thru -1 of tName
            end if
            if my_extension = ".aes" or my_extension = ".AES" then
                set my_direction to "decryption"
                set my_pass to quoted form of text returned of (display dialog "Enter password for " & ¬
                    my_direction ¬
                    with title ¬
                    "AESCrypt" with icon 1 ¬
                    default answer ¬
                    "" buttons {"Continue"} ¬
                    default button 1 ¬
                    with hidden answer)
            else
                set my_direction to "encryption"
                set my_pass to quoted form of text returned of (display dialog "Enter password for " & ¬
                    my_direction ¬
                    with title ¬
                    "AESCrypt" with icon 1 ¬
                    default answer ¬
                    "" buttons {"Continue"} ¬
                    default button 1 ¬
                    with hidden answer)

                -- ask a second time so a typo is caught before encrypting
                set my_pass2 to quoted form of text returned of (display dialog "Re-enter password for " & ¬
                    my_direction ¬
                    with title ¬
                    "AESCrypt" with icon 1 ¬
                    default answer ¬
                    "" buttons {"Continue"} ¬
                    default button 1 ¬
                    with hidden answer)

            end if

            set myPath to (path to me) as text
            set myAES to myPath & ":AESCrypt.app:Contents:MacOS:aescrypt"
            set myAES to quoted form of (POSIX path of myAES)

            if my_direction = "encryption" then
                -- AppleScript string comparison ignores case by default;
                -- "considering case" makes the two entries match exactly
                considering case
                    set same_pass to (my_pass = my_pass2)
                end considering
                if same_pass then
                    -- note: -p puts the password on the aescrypt command line
                    do shell script (myAES & " -e -p " & my_pass & " " & tPath)
                else
                    display dialog "Error : the 2 passwords are different"
                end if

            else
                do shell script (myAES & " -d -p " & my_pass & " " & tPath)
            end if
        on error errStr number errorNumber
            error errStr number errorNumber
            display dialog "Error: " & errorNumber & " Text: " & errStr
        end try
    end open

All the best,
Arnaud

zlk
Posts: 4
Joined: Thu Sep 13, 2018 12:57 pm

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by zlk » Fri Dec 21, 2018 7:47 pm

Arnaud,
Which version of Mac AESCrypt do you use? The latest version that was uploaded to packetizer.com around Nov 5 contains that feature.
Please, try this: https://www.aescrypt.com/download/v3/ma ... .1_x64.dmg

arnaud.mar
Posts: 4
Joined: Wed Dec 12, 2018 9:40 am

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by arnaud.mar » Fri Dec 21, 2018 8:37 pm

I use the GUI version for 32-bit Intel processors. The 64-bit version is not compatible with my (old) OS system.
All the best,
Arnaud

paulej
Posts: 522
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: MAC GUI AESCrypt : does not ask for confirmation password !!!

Post by paulej » Sat Dec 22, 2018 1:31 am

Arnaud, I'm not sure that we could get this fixed. Getting people to volunteer to build for Mac has been a challenge and it's even harder to get builds on older platforms. But, I do wonder if, perhaps, a new AppleScript could be put into place that would work? That is, install the old package, but then use the newer AppleScript code. @zlk could probably tell you how to do that to try it out.
