Bioruebe / UniExtract2

Universal Extractor 2 is a tool to extract files from any type of archive or installer.
GNU General Public License v2.0

Integrate password input into UE to prevent confusion with console windows #93

Open Darthagnon opened 6 years ago

Darthagnon commented 6 years ago

When I try to extract a password-protected RAR file with UniExtract2 (I am using the older release candidate), it stops, saying "User input required", and a CMD window is open (I guess it's the RAR extraction plugin), waiting for a password. Unfortunately, I can't type or paste a password into it - it remains unresponsive to user input. As such, it is impossible to extract password-protected RARs with UniExtract2.

(Note that I haven't yet tried the very latest release candidate build).

HapaxOromenon commented 6 years ago

You can type the password, but it just won't show it as you type it. Just make sure you type it correctly and then press Enter, and it will work.

Darthagnon commented 6 years ago

Thanks!

Bioruebe commented 6 years ago

Yes, giving no feedback when entering a password is a so-called 'security feature' in the unix world. I would call it bad software design... Especially Windows users don't know that; and you are not the first to report this problem.

Sadly I cannot change 7zip, unrar and all the other extractors to display asterisks when typing the password. But maybe we can add some kind of workaround. I could probably add a password prompt to UniExtract, which is displayed as soon as a password-protected file is detected, and then redirect the input to the extractor.
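
The workaround proposed in the comment above (prompt in the front end, then redirect the input to the extractor), as an added example that is not part of the thread and not UniExtract's own code. It assumes the extractor reads the password from its standard input; `FAKE_EXTRACTOR`, `extractor_cmd`, `run_with_password` and `extract` are hypothetical names, and the child process is a constructed stand-in for a real extractor.

```python
import getpass
import subprocess
import sys

# Constructed stand-in for an extractor that asks for a password on stdin.
# Assumption: the real extractor reads the password from standard input;
# one that reads the console device directly needs a different mechanism.
FAKE_EXTRACTOR = (
    "import sys\n"
    "pw = sys.stdin.readline().rstrip('\\r\\n')\n"
    "ok = pw == 'correct horse'\n"
    "print('extracted' if ok else 'wrong password')\n"
    "sys.exit(0 if ok else 2)\n"
)


def extractor_cmd(archive):
    """Build the child command line. The typed password is never part of it."""
    return [sys.executable, "-c", FAKE_EXTRACTOR, archive]


def run_with_password(cmd, password, timeout=30):
    """Start the extractor and feed the password through a stdin pipe.

    Returns (exit_code, output). The secret stays out of argv and the
    environment, so process listings and command-line logging never see it.
    """
    proc = subprocess.run(
        cmd, input=password + "\n", text=True, timeout=timeout,
        stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
    )
    return proc.returncode, proc.stdout.strip()


def extract(archive, ask=getpass.getpass, attempts=3):
    """Prompt in the front end (no echo) and retry on a wrong password."""
    out = ""
    for _ in range(attempts):
        code, out = run_with_password(extractor_cmd(archive), ask("Password: "))
        if code == 0:
            return True, out
    return False, out


if __name__ == "__main__":
    print(extract("sample.rar"))
```

Passing a different `ask` callable (for example a GUI input box) changes how the prompt is shown without changing how the password reaches the child process.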

rmenessec commented 6 years ago

It's feature-ish. Not displaying password feedback can / may mitigate shoulder surfers when you're typing in credentials. Some software has tried to compromise by echoing "*" or similar, but this gives away password length. (It's much easier to brute-force a password if you know any exact characteristics: length, character sets, forbidden symbols.)

Arguably, trying to obfuscate password entry is virtually pointless in an age when most people around you are likely to be carrying cameras, and could simply record footage of your fingers moving on the keys with pretty good visibility. (See Sneakers for an example of the same principle at a distance.)

There are arguments in both directions: I could point out that it's not hard to notice when someone pulls out a phone and starts to record me directly over my shoulder, so I'd prefer to keep password masking the way it is.

Darthagnon commented 6 years ago

I've got the hang of using it, but redirecting input/a password prompt would probably be helpful... Surely, though, realistically, password entry to extract a file is unlikely to be a "high-security" situation where you'd be worrying about shoulder-surfers, etc.? Most often, if I'm extracting a file that needs a password, it's a w4rez cr4ck or somesuch, with a ~30% chance of being a virus anyway. Probably just the fact that we're (probably) using Windows or Chrome (or any Big Tech product) is a security/privacy risk in itself. Very interesting points raised, though :)

Juesto commented 6 years ago

At least, certainly, the status box could say that it's waiting for a password. Additionally, see wrappers such as TortoiseGit (and TortoiseSVN).