It was suggested that I should re-post this issue here. I originally opened it in linuxmint/cinnamon: #13349
There are two main issues:
- Password is remembered after logout despite “remember until logout” option
- The default option in the authentication dialog is unsafe
Here is the original post:
Distribution
Linux Mint 22.1 Cinnamon
Package version
6.4.8
Graphics hardware in use
No response
Frequency
Always
Bug description
When unlocking a LUKS encrypted external disk (encrypted using the Disks utility), the option “Remember password until you logout” does not behave as described. If this option is selected, the password is still remembered after logging out of the session. The system only forgets the password after a full shutdown.
Additionally, the option “Remember password until you logout” is preselected by default every time the authentication dialog appears. This is insecure and can easily cause the password to be stored unintentionally.
Steps to reproduce
- Encrypt an external disk using LUKS via the Disks application.
- Plug the encrypted disk into the system.
- When prompted with the “Authentication Required” dialog, enter the password.
- Leave the default option “Remember password until you logout” selected.
- Log out of the user session.
- Log back into the same user account.
- Reinsert the disk or attempt to access it again.
Expected behavior
If “Remember password until you logout” is selected, the password should be cleared on logout and a password prompt should appear again after logging back in.
Additionally, the default selection in the authentication dialog should be “Forget password immediately”. Remembering the password should require an explicit user choice, not be enabled by default.
Additional information
This behavior poses a security risk. It is very easy to accidentally confirm the dialog too quickly while the insecure option is preselected, resulting in the password being stored longer than intended. In the worst case, the user must fully shut down the system to clear the stored password.
If the default were instead set to “Forget password immediately”, the worst case scenario would be far less severe: the user would simply need to unplug and plug the disk back in and then explicitly choose to remember the password if desired. This would significantly reduce the impact of accidental confirmation while improving overall security and usability.
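As an added example (not part of the bug report, and not code from Cinnamon or gvfs), the following shell script lets a user check whether the login keyring still holds the passphrase of a LUKS volume after logging back in, and clear it without the full shutdown described above. It assumes the passphrase was cached by gvfs under the keyring attribute `gvfs-luks-uuid` (an assumption about gvfs internals; confirm on your system with `secret-tool search --all gvfs-luks-uuid <uuid>`), and that `secret-tool` and `lsblk` are installed.

```shell
#!/bin/sh
# Added example: detect and clear a LUKS passphrase that the desktop cached in
# the login keyring. Assumption: gvfs stores it under the keyring attribute
# "gvfs-luks-uuid" keyed by the LUKS container UUID.

# Return 0 when $1 has the 8-4-4-4-12 hex form that lsblk/blkid print for a UUID.
is_luks_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the UUID of the LUKS container on a block device such as /dev/sdb1
# (lsblk reads it from the LUKS header, no root needed).
luks_uuid_of() {
    lsblk -dno UUID "$1" 2>/dev/null
}

# Exit 0 if a passphrase for the UUID is cached in the keyring, 1 if not,
# 2 if the UUID is malformed or secret-tool is not installed.
# Output is discarded so the passphrase itself is never printed.
luks_passphrase_cached() {
    is_luks_uuid "$1" || return 2
    command -v secret-tool >/dev/null 2>&1 || return 2
    secret-tool lookup gvfs-luks-uuid "$1" >/dev/null 2>&1
}

# Remove the cached passphrase: what "Forget password immediately" should do.
forget_luks_passphrase() {
    is_luks_uuid "$1" || return 2
    command -v secret-tool >/dev/null 2>&1 || return 2
    secret-tool clear gvfs-luks-uuid "$1"
}

# Usage:  sh luks-cache.sh check /dev/sdb1     sh luks-cache.sh forget /dev/sdb1
if [ $# -eq 2 ]; then
    uuid=$(luks_uuid_of "$2")
    case "$1" in
        check)
            if luks_passphrase_cached "$uuid"; then
                echo "passphrase for $uuid is still cached in the keyring"
            else
                echo "no cached passphrase for $uuid (or secret-tool missing)"
            fi ;;
        forget)
            forget_luks_passphrase "$uuid" && echo "cleared cached passphrase for $uuid" ;;
    esac
fi
```

Running `check` right after logging back in shows whether the “remember until logout” promise was kept; if the lookup succeeds, `forget` removes the entry so the next insertion prompts again. If the login keyring is locked, `secret-tool` will prompt to unlock it before searching.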