This project has moved and is read-only. For the latest updates, please go here.

BUG: VC forgets 'Display password' setting

Topics: Technical Issues
Mar 17, 2016 at 10:01 AM
When mounting a volume, VC keeps forgetting the 'display password' setting. Every time I have to click it again, again and again.

Please fix, thank you.
Mar 17, 2016 at 4:27 PM
In my opinion, this is not a bug since this is the default behavior from TrueCrypt and is a good security feature to prevent from accidentally exposing the password for other non-system volumes to the screen.

I could easily make the opposite argument that the show password should only be for the current volume that I am mounting and not automatically include all other volumes I am going to mount once I check the display password checkbox. For example using Favorites, I may only need to enable display the password for the second volume I am mounting but not the other volumes I am mounting.

A compromise suggestion is a new Default Mount Parameters option to enable the display password for all non-system volumes. System encryption uses the bootloader which does not read the Configuration.xml file that is still encrypted since OS is not mounted and running during the bootloader session.
Mar 17, 2016 at 5:54 PM
I would dearly like this to be an option in the settings. That way, everybody can work the way they want it to work.
Mar 18, 2016 at 12:43 AM
Edited Mar 18, 2016 at 12:53 AM
If it were made an option, it should include a strong warning. Obviously this is an
intended feature and should at least remain the default. How much trouble can it
be - one extra click? You want your girl friend looking over your shoulder saying
"You unchecked that just because I'm standing here? I'm insulted! No booty for
you!"? As it is, it's "secure by default", which is how it should be. If it were otherwise
and you were in a situation where it would be prudent to hide the pass phrase, you
would have to do so ACTIVELY, which would be noticeable and some people would
be offended. If you really want to set it up that way, just learn the command line
interface, write a script or batch file or btm, and bypass the gui. It's not at all
difficult, and if you don't know how it is time to spend a couple of hours and learn to.
You can set it to show password if you really want it that way. Momentarily, I was
tempted to write a batch file and include it in this reply, even though I haven't worked
in Windows in a decade, but then I realized it would be the moral equivalent of
what I believe lawyers call an "attractive nuissance" and some poor sucker would use
it and suffer thereby. Maybe I shouldn't have even pointed out how to do it.
Mar 18, 2016 at 9:28 AM
What do you mean? I simply double click a container and the GUI pops up where I can mount the container.
Is there a way to start the GUI with a command-line parameter so that it has the 'Display password' checkmark on?

Could you please elaborate?

I still want to have this as an OPTION. Why make it so difficult and user-unfriendly? You don't have to use it, but I would like to.
Mar 18, 2016 at 10:54 AM
Edited Mar 18, 2016 at 11:07 AM
SHBouwhuis wrote:
What do you mean? I simply double click a container and the GUI pops up where I can mount the container.
Is there a way to start the GUI with a command-line parameter so that it has the 'Display password' checkmark on?
No. You wouldn't use the GUI. Start here:
https://veracrypt.codeplex.com/wikipage?title=Command%20Line%20Usage
To make it as easy as you want, you'll have to learn to write a batch
file (or one of it's equivalents, like a btm, or if you used Bash for
Windows, for example, you might call it a script). You'll need to understand
variables, and whatever Windows batch language (same language as
the Windows command line, often miscalled "DOS") uses for user text entry, the
equivalent of "read -p" in bash. ATM I don't recall that.
Then you'll need to put "open this with my decryption batch running in a terminal" in
your file context menu. I'm not sure what the current way is to do that in Windows
but if it isn't easy, somebody probably make a shareware program that
will make it easy. You just have to look for it. All that will probably take you a few days, but you will then have skills you can apply to other problems. Somebody both current
and good with Windows batch files could probably knock it out in 30 minutes. Somebody like
me that hasn't used Windows in many years but used to be competent, could probably do it a couple of hours. If you are really motivated enough to tackle it, just to save one click, I'd suggest
taking a look at 4NT as an alternative to the regular batch language.
And one warning: Writing scripts or batch files is ADDICTIVE and becomes
a compulsion that will force you to tackle bigger and bigger projects
and keep you up all night because you're "almost finished". You've been warned. Have fun.

BTW, if you do this, you might be tempted to actually write the password in the batch file. Don't. That would be totally insecure. You'd instead use a command that tells the batch to say something like "Enter pass:" and wait for you to type it (visibly) and press enter.

I should also add, that this might be less secure even if it is done reasonably well. Avoiding winding up with the pass written in a log file somewhere, might be tricky. Windows is totally Byzantine about stuff like that, and it keeps changing, and unlike
open source, non propietary software, they make it real hard for the average Joe to
know what's going on under the hood.
Mar 18, 2016 at 11:13 AM
@continetalop
?!?!?!?! How is a normal person supposed to do this ?!?!?!?!?

This reminds me of why Linux is still on the margins. Almost no one wants to go to the command-line and 'spend a couple of hours' to do one single simple thing that in Windows is a checkmark in the settings window.
Sorry, but this really doesn't help me. I appreciate your efforts, but needing to do 'a couple of hours' of work for each person in the world who also wants this option is madness. What if we had to do all options like you suggested? Nobody would use any applications anymore on account that it is just too difficult/cumbersome to do.
Mar 18, 2016 at 12:00 PM
I'm NOT suggesting it. I think the objective is unreasonable.
You're talking about saving ONE, count 'em, 1, click.
I'm also not talking about linux. I pointed out how to
do it in WINDOWS, after repeatedly pointing out why it
was a bad idea, and that the present behaviour is as it
is DESIGNED to be, and so designed for good reason.

And an ordinary person would do it the same way he
would do any other thing he thought was worth the
effort - apply ordinary time and effort to it. Everyone
chooses how to spend his 24 hours/day. Mr. Idrassi has
exactly the same number or hours/day also and I doubt
he is going to place a high priority on making the code
just a little more complex so some users can easily run the
program in a slightly less secure way and save 1 click.
Mar 18, 2016 at 5:39 PM
Edited Mar 18, 2016 at 5:40 PM
VC keeps forgetting to 'display password is not a bug. Must remember that security comes with a cost of inconvenience. In this case it is a very small cost - one simple click.
Mar 18, 2016 at 5:47 PM
Bug or missing feature, it really doesn't matter to me. Hiding passwords has nothing to do with security. Not everyone has someone looking over their shoulders all the time.

I hope someone will implement this *** OPTIONAL *** feature.