Why can't I paste into the password dialog when mounting an encrypted disk image?

Question

I've got an encrypted sparse bundle disk image and I've used fstab with the right UUID to mount it someplace other than /Volumes. What I would like is to just dbl-click on it, enter the password and have it show up where I want it. I use a password manager and I have intentionally chosen a long random gibberish password for the disk image. It seems that I am not allowed to paste my password into the dialog that asks for a password when mounting an encrypted disk image.

Am I doing something wrong?

The OS also disables keyboard loggers when in a secure text entry field. TextExpander is an example of a legitimate keyboard logger. — Ɱark Ƭ, Jan 25 '13 at 21:10
How are you trying to paste? I've found areas where cmd+v doesn't work but ctrl+click > paste does work. — forquare, Jun 28 '15 at 00:12

score 32 · Accepted Answer · edited Feb 06 '14 at 02:47

32

No, you aren't doing anything wrong. Apple doesn't allow you to paste into certain secure dialog boxes. It's a feature, not a bug. (It makes a brute force hack of the dialog box more difficult.)

You can paste the password into the command line if you mount the secure image using hdiutil.

Open Terminal and type:

 hdiutil attach /path/to/imagefile -stdinpass

When prompted for the password, copy it from a text file or (preferably) a password vault and paste it into terminal.

If the path/to/imagefile is complex, you can type the command, a space, then drag the imagefile icon from the finder into the terminal window to automatically enter the path/filname.

edited Feb 06 '14 at 02:47

Community

1

answered Jan 25 '13 at 17:45

jaberg

9,849

19

Awesome. So I'm encouraged to only use a password that I can remember and type easily. – kbyrd Jan 25 '13 at 21:27
I generate and store the passwords in Password Wallet and type them into the dialog. They're not overly long, but they are random and at least to my thinking, they're secure enough. – jaberg Jan 25 '13 at 21:47
10

What an odd choice by Apple, to make brute-forcing the dialog box harder, while it's still possible (and I would say easier) to brute-force the command-line utility. – drfrogsplat Dec 05 '13 at 01:55
11

@drfrogsplat, exactly. This is a terrible feature—all it does is make it harder to use password managers. – Will Jan 07 '15 at 14:31
4

This feature is outdated and stupid... can't use 1password at all. Can't even copy the suggested password – amleszk Apr 07 '15 at 19:25
if you're trying to mount an encrypted logical volume, as I was, then https://derflounder.wordpress.com/2011/11/23/using-the-command-line-to-unlock-or-decrypt-your-filevault-2-encrypted-boot-drive/ has the magic command: "diskutil corestorage unlockVolume UUID -stdinpassphrase", where UUID is the volume Id you'll see in "diskutil list" output. – jrg Nov 24 '15 at 15:22
2

Wow, so you get penalized for picking long, complex passwords – Ray Jul 21 '16 at 13:31
@kbyrd, Awesome. So I'm encouraged to use passwords like "123". Great. Really great. – Andrzej Martyna Dec 13 '17 at 12:57
This is a totally stupid and douchebag move from Apple - as usual these days. And "making it harder to brute force" is simply not the case. I have an AppleScript in my dock that takes pasted text and types it as keystrokes programmatically. It's an inconvenience for the user, nothing else. – Julian F. Weinert Jul 31 '19 at 22:00

Dae · Answer 2 · 2015-06-27T22:40:52.500

18

I wrote a very tiny AppleScript application which allows you to paste passwords even where its not allowed by tricking the system into thinking that you're typing on your keyboard. The downside: it takes space in your Dock.

edited Jun 27 '15 at 22:40

answered Oct 21 '13 at 23:13

Dae

331

score 12 · Answer 3 · answered Oct 22 '13 at 04:15

12

You could also run a script like this in AppleScript Editor:

tell application "System Events" to tell process "SecurityAgent"
    set value of text field 1 of window 1 to (the clipboard)
    click button 1 of group 1 of window 1
end tell

It requires access for assistive devices to be enabled from System Preferences.

answered Oct 22 '13 at 04:15

Lri

105,117

WOW! Thanks a lot. These 4 lines will save me hours of time and make my passwords stronger. – Yan Jan 16 '14 at 10:15
I would strongly recommend that people use hdiutil as jaberg answered instead of resorting to UI automations such as this one. – Blacklight Shining Sep 18 '15 at 02:36
thank you! my keyboard is being fragged and the left and right shift keys dont work - not so good for passwords that need shift-numbers on a mac book air ;9 – Bae Oct 02 '15 at 11:46

score -1 · Answer 4 · answered Jan 25 '13 at 22:01

-1

Apple's security prevents this as answered separately by jaberg. But are you not prompted to store the password in your keychain? I've only used encrypted physical volumes and not disk images, but I'm always prompted to store the password to my keychain.

answered Jan 25 '13 at 22:01

Phillip U.

44

3

Storing the password in the system keychain runs against the notion of keeping the enclosed files secure. If someone has access to your open account, they can access the encrypted files. You could however move the keys for encrypted images into a second keychain that is protected by a different password. That way you would only have one additional complex password to remember. – jaberg Jan 25 '13 at 22:04
1

I specifically don't want to use the keychain. I use my password manager for that. – kbyrd Jan 28 '13 at 15:06
May want to add this as a comment, not answer FWIW – rogerdpack Feb 02 '18 at 19:42

Why can't I paste into the password dialog when mounting an encrypted disk image?

4 Answers4

Linked