BenWestgate / Bails

Bails is a Bitcoin solution protecting against surveillance, censorship, and confiscation. It installs Bitcoin Core on the encrypted Persistent Storage of Tails, creates and recovers Bitcoin Core wallets from Codex32 (BIP93) seed backups, and creates backup Bails USB sticks and shareable blank Bails USB sticks. Learn more in README.md.
MIT License

Spaced repetition will fail if screen lock or administration password are set in advance #77

Closed BenWestgate closed 1 month ago

BenWestgate commented 11 months ago

This hasn't been reproduced, but based on the code this will occur, as passwd requests 3 lines of input, not 2, when they already have an amnesia password.

Proposed fix: if passwd fails, ask the user for their User Account password. They will probably know this as a "screen lock password" if they are a regular user, and it is their "Administration password" if they have privileges. There is a script bundled in Tails to tell me which type of user they are, in order to use the appropriate text.

Then passwd can be recalled in an until loop as follows: printf "$user_password\n$luks_passphrase\n$luks_passphrase" | passwd

github-actions[bot] commented 3 months ago

Stale issue message

BenWestgate commented 3 months ago

To determine if the current user's account already has a passphrase set, you can check the existence of a passphrase file or directory associated with the user's account. In Linux systems, user account information is typically stored in the /etc/passwd file, and passwords are stored in the /etc/shadow file. However, you should not directly access or modify these files.

Instead, you can use the passwd command with the -S option to check the status of the user's password. Here's how you can do it in a bash script:

#!/bin/bash

# Check if the user's account has a passphrase set
check_passphrase() {
    # Get the username of the current user
    local username passwd_status password_status
    username=$(whoami)

    # Check the status of the user's password using passwd command
    # (quoted so the username is passed as a single argument)
    passwd_status=$(passwd -S "$username")

    # Extract the second field, which contains the password status
    password_status=$(echo "$passwd_status" | awk '{print $2}')

    # Check if the password status indicates that a password is set
    if [ "$password_status" == "P" ]; then
        echo "User $username has a password set."
    elif [ "$password_status" == "NP" ]; then
        echo "User $username does not have a password set."
    else
        echo "Unable to determine the password status for user $username."
    fi
}

# Call the function to check the passphrase status
check_passphrase

This script defines a function check_passphrase that checks the status of the current user's password using the passwd -S command. It then extracts the password status from the output and prints a message indicating whether a password is set or not. You can integrate this logic into your script to determine if the user's account already has a passphrase set or not.
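The following sketch is an added example, not part of the comment above and not Bails code. It combines the status check with the input that passwd expects: three lines when a password is already set, two when none is set. The function names and the sample status lines are constructed for illustration, and the status letters assume Debian's `passwd -S` output.

```shell
#!/bin/bash
# Added example (not Bails code): choose passwd's stdin from `passwd -S`.

# Map a `passwd -S` line ("<user> <status> ...") to set / unset / locked.
# Debian's passwd prints P (usable password), NP (none) or L (locked).
password_state() {
    case $(printf '%s\n' "$1" | awk '{print $2}') in
        P)  echo set ;;
        NP) echo unset ;;
        L)  echo locked ;;
        *)  echo unknown; return 1 ;;
    esac
}

# Emit the lines passwd will read: current password first only when one is
# already set, then the new passphrase twice. '%s' keeps '%' and '\' in a
# passphrase literal; using the passphrase as the format string would not.
passwd_input() {  # usage: passwd_input <state> <current> <new>
    case $1 in
        set)   printf '%s\n%s\n%s\n' "$2" "$3" "$3" ;;
        unset) printf '%s\n%s\n' "$3" "$3" ;;
        *)     return 1 ;;  # locked/unknown: do not guess, let the caller stop
    esac
}

# Demo on constructed status lines (a real run would use: passwd -S "$(id -un)")
for line in 'amnesia P 2024-05-01 0 99999 7 -1' 'amnesia NP 2024-05-01 0 99999 7 -1'; do
    state=$(password_state "$line")
    count=$(passwd_input "$state" 'old%pass' 'new\pass' | wc -l)
    echo "status=$state -> passwd reads $count line(s)"
done
```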

BenWestgate commented 1 month ago

Raising priority to high, as this interferes with testing some of the features needed, because if installation does not complete, it tries to do spaced repetition with the existing passphrase. But if you're rerunning an installation that failed, it can't get past this point.