[SOLVED]QtPass maximum number of attempts

This forum is dedicated to basic help and support :

Ask here your questions about basic installation and usage of Mageia. For example you may post here all your questions about getting Mageia isos and installing it, configuring your printer, using your word processor etc.

Try to ask your questions in the right sub-forum with as much details as you can gather. the more precise the question will be, the more likely you are to get a useful answer

[SOLVED]QtPass maximum number of attempts

Postby banjo » Feb 12th, '23, 21:21

I am using QtPass as my password manager. I inadvertently entered my master passphrase incorrectly, and it posted an error dialog saying

Bad Passphrase (try 2 of 3)


This implies to me that there are a maximum of 3 attempts to log in, after which there is a penalty incurred. I have searched high and low and cannot find what the penalty is for too many attempts.

I have searched the QtPass source code for the error message, and did not find it. So it appears that the message is posted by another piece of the system. The dialog box frame title has what appears to be a PID in it, for example

[2052363]@linux8core


That happens to be the PID of gpg2, so I am assuming that gpg2 is posting the dialog.

Code: Select all
[brian@linux8core ~/.gnupg]$ ps -alx | grep 2052363
0  1001 2052363 2052362  20   0 190888  6944 -      SL   ?          0:00 gpg2 -d --quiet --yes --compress-algo=none --no-encrypt-to --batch --use-agent /home/brian/.password-store//amazon.com.gpg


I would like to find out what the penalty is, and if so is it configurable.

There is no gpg.conf on my system that I can find.

It is curious that every time I try this I get "(try 2 of 3)", so if the penalty is a timeout, it is fairly short.

Any pointers to where I can find out how this works would be much appreciated.

inxi info
Code: Select all
System:    Host: linux8core Kernel: 5.15.88-desktop-1.mga8 x86_64 bits: 64 Desktop: KDE Plasma 5.20.4 Distro: Mageia 8 mga8
Machine:   Type: Desktop Mobo: Micro-Star model: MPG Z590 GAMING PLUS (MS-7D07) v: 2.0 serial: <superuser required>
           UEFI: American Megatrends LLC. v: A.10 date: 04/09/2021
CPU:       Info: 8-Core 11th Gen Intel Core i7-11700K [MT MCP] speed: 800 MHz min/max: 800/4900 MHz
Graphics:  Device-1: NVIDIA GA106 [Geforce RTX 3050] driver: nvidia v: 510.60.02
           Display: x11 server: Mageia X.org 1.20.14 driver: nvidia resolution: 1: 1920x1080~60Hz 2: 1920x1080~60Hz
           OpenGL: renderer: NVIDIA GeForce RTX 3050/PCIe/SSE2 v: 4.6.0 NVIDIA 510.60.02


Thanks,
Banjo
(_)==='~
Last edited by banjo on Feb 13th, '23, 20:49, edited 1 time in total.
If only the best bird sang, the forest would be a very quiet place.
User avatar
banjo
 
Posts: 476
Joined: May 4th, '11, 03:50
Location: Reading, Massachusetts


Re: QtPass maximum number of attempts

Postby banjo » Feb 12th, '23, 22:34

Thanks for the pointer. I did not run into that one during my search. I guess the warning is sort of toothless.
If only the best bird sang, the forest would be a very quiet place.
User avatar
banjo
 
Posts: 476
Joined: May 4th, '11, 03:50
Location: Reading, Massachusetts

Re: QtPass maximum number of attempts

Postby isadora » Feb 13th, '23, 06:54

Please banjo, don't forget to mark the topic [SOLVED].
You can do so, by editing the subject/title in the first message in this topic.
Write [SOLVED] to the left of subject/title, thanks ahead. ;)
..........bird from paradise..........

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
—Antoine de Saint-Exupéry
User avatar
isadora
 
Posts: 2765
Joined: Mar 25th, '11, 16:03
Location: Netherlands

Re: [SOLVED]QtPass maximum number of attempts

Postby banjo » Feb 13th, '23, 20:51

OK. Said and done, although I might continue to look into it as a puzzle. If I find out something more specific about it I will report back here.
If only the best bird sang, the forest would be a very quiet place.
User avatar
banjo
 
Posts: 476
Joined: May 4th, '11, 03:50
Location: Reading, Massachusetts

Re: [SOLVED]QtPass maximum number of attempts

Postby banjo » Feb 18th, '23, 03:35

I did a little more digging into this to see if I could figure out what it is doing with the failed passphrase errors. Here is what I saw.

When you attempt to access a password, the program starts up a gpg2 process, which posts the dialog box requesting the passphrase. That process gives the user three tries at the password and after the third bad attempt it posts an error and exits. So, the penalty for providing three incorrect attempts is that the gpg2 process gives up and quits.

However, if you click on the password again, it starts another gpg2 process, which then gives you three tries to guess the passphrase.

I don't know if invoking a new process every three tries would be enough to slow down a brute force attack, but it might.

The bottom line is that it does not do anything permanent such as locking you out after three tries.
If only the best bird sang, the forest would be a very quiet place.
User avatar
banjo
 
Posts: 476
Joined: May 4th, '11, 03:50
Location: Reading, Massachusetts


Return to Basic support

Who is online

Users browsing this forum: No registered users and 1 guest