fix: clarify outer-vs-hidden credentials in hidden volume protection UI#1806
fix: clarify outer-vs-hidden credentials in hidden volume protection UI#1806mvanhorn wants to merge 3 commits into
Conversation
|
Thank you for the PR. The direction is correct: hidden volume protection must continue to mount the outer volume while using the hidden volume credentials only to determine the protected range. However, I can't merge this as-is because the new error message is currently only used in the “Auto-Mount All Devices” failure path, even though the PR description says the mount-failure error is clarified generally. The normal single volume mount path still reports ERR_PASSWORD_WRONG through Also, the main dialog clarifies only the password label. Since the ambiguity also applies to PIM, KDF/PRF, and keyfiles, we should either add a clear note that the main dialog expects outer volume credentials, or conditionally clarify those labels too. One style point: newly added entries in Language.xml should be appended at the bottom of the existing entries, not inserted in the middle. This makes it easier for translators to track new strings. Please move the newly added keys there. Please update the PR accordingly. |
|
@mvanhorn did you have a chance to look into my feedback? |
|
Thanks for the detailed review - all three addressed:
I don't have a Windows toolchain to build here, so a look on your end would be appreciated. |
- Single-volume mount failures under hidden volume protection now show the clarified HIDVOL_PROT_PASSWORD_OR_KEYFILE_WRONG guidance (via a new GetWrongPasswordErrorMessageEx with a hiddenVolumeProtection flag), not just the Auto-Mount path. The block is reached only for ERR_PASSWORD_WRONG. - Main password dialog now shows an info balloon (HIDVOL_PROT_OUTER_CREDENTIALS_NOTE) noting the dialog expects OUTER volume credentials (password, PIM, PRF/KDF, keyfiles) when hidden volume protection is enabled, covering the PIM/PRF/keyfile ambiguity, not just the password label. - Move the newly added Language.xml entries to the end of the en block so translators can track new strings.
d7514ff to
55ce763
Compare
|
Thank you for the update. The direction is improved, but the following issues still need to be addressed before merge:
This PR affects many use cases, so comprehensive testing is needed in addition to the code changes. |
…path, translations - Language.xml: restore IDT_HIDDEN_PROT_PASSWD and IDT_HIDDEN_VOL_PROTECTION to their original position and text; use 'outer volume' (not 'decoy'), 'KDF' consistently, and drop 'selected volume' from the wrong-credentials message. - GetWrongPasswordErrorMessageEx: append SYSENC_MOUNT_WITHOUT_PBA_NOTE for the hidden-volume-protection path too (previously skipped), keeping the wrong-mode message for the non-hidden path only. - Route the hidden-protection wrong-password message through WarningDirect instead of a direct MessageBoxW so Silent handling is respected. - Add the three new string keys to all 42 translation files so XML validation passes (English placeholder pending localization).
|
Items 1, 2, 4, and 5 are in 890c264:
I have not done item 3 yet (replacing the edit balloon with persistent labels), because I want to get it right. My plan is persistent static labels near each field mapping password/PIM/KDF/keyfiles for the outer vs hidden volume instead of the balloon. Does that match what you had in mind? On testing scope, to be upfront: I could not build or run this on Windows in my environment, so I have not exercised the dialog end to end. What I verified is XML well-formedness of all 43 language files and the C changes by review. Before merge I would want the hidden-volume-protection mount paths tested on Windows (outer-vs-hidden credential handling, the SysEnc inactive-drive path, and the message routing), and I am glad to script specific scenarios. Happy to hold the balloon work and that testing until we settle item 3. |
|
This is a wording-only change — it reworks the English strings (via Language.xml / LocalizeDialog) and conditionally surfaces the clarified text in the Mount Options dialog and the mount-failure message when Protect Hidden Volume is enabled; it doesn't touch mount or crypto logic. The surface to confirm is the Windows GUI flow: mounting with "Protect hidden volume against damage" enabled and the wrong-credentials failure path. If you tell me which platforms/scenarios you want covered, I'll run through them and report back. |
Summary
Reword the English string entries so the credential split is explicit: clarify the Mount Options "Hidden Volume Protection" section (IDT_HIDDEN_VOL_PROTECTION / IDT_HIDDEN_PROT_PASSWD) to state it expects the HIDDEN volume's password, and add a short clarifying note that the main password dialog must receive the OUTER volume password when protection is enabled. In src/Mount/Mount.c, in the Mount Options dialog handling (MountOptionsDlgProc, around the IDC_PROTECT_HIDDEN_VOL / IDT_HIDDEN_PROT_PASSWD handling) and where the mount-failure error is surfaced, conditionally present the clarified wording when ProtectHiddenVolume is set so the failure message explains the two credential sets rather than the generic PASSWORD_OR_KEYFILE_WRONG text. Adjust the corresponding static-control wording/sizing in src/Mount/Mount.rc only if the longer label requires it (text is loaded from Language.xml via LocalizeDialog, so most changes are string-only).
Why this matters
When mounting with "Protect hidden volume against damage" enabled in the Windows GUI, the main password dialog and the Mount Options protection section do not make clear which credential set goes where. The main dialog needs the OUTER (decoy) volume password while the Mount Options "Hidden Volume Protection" section needs the HIDDEN volume password, but the labels and the wrong-password error use generic text. This causes avoidable authentication failures (the reporter hit Error 9135) for correctly created volumes. The maintainer (idrassi) confirmed the requested behavior change (making the protection section ask for the outer password) would be incorrect, but explicitly agreed there is "a real UI ambiguity" and stated "We will consider improving the Windows GUI labels/error text to make this explicit." This plan implements only that maintainer-endorsed text/label clarification, not any behavior change.
See #1673.
Testing
Fixes #1673