Re: Display feedback while typing password in terminal.

Top Page
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
+ (text/plain)
Delete this message
Reply to this message
Author: Joseph Sinclair
Date:  
To: Main PLUG discussion list
Subject: Re: Display feedback while typing password in terminal.
Changing it to echo the output would, in fact, break a TON of things, particularly if getpass() were changed, since a lot of calls like that don't actually have an attached terminal (we programmers do weird things sometimes). Even passwd is used in situations where echo would break scripts and programs written with somewhat delicate assumptions about output.

The primary reason the password prompts don't echo input is precisely because knowing the exact length of a password is a huge advantage when trying to break into a system, and the echo could easily be picked up via network sniffers(packet count) or by various forms of offline or social attack, ranging from simple shoulder surfing to hacked wifi security cameras.

Adding the echo gets floated as an idea every now and then, and it usually results in a copy/paste of the same, quite vigorously unpleasant, response used in the past.

It's not too hard (as noted in other places) to add the visual feedback for the user if you're writing a program or GUI interface.
If the user is using passwd directly, they should be savvy enough to know it won't echo (or the admin can wrap passwd as suggested elsewhere).

==Joseph++

On 09/09/2013 07:42 AM, Dazed_75 wrote:
> "Why is it not seeing my typing?" is one of the most frequest questions I
> get from newbies though. Makes me wonder if it would break anything for
> anyone if it were changes upstream to echo each input character with an
> asterisk. Any ideas if it would? Would it make a difference if passwd or
> getpass() were changed> Would it be a security issue in any way?
>
>
> On Mon, Sep 9, 2013 at 6:49 AM, Shawn Badger <> wrote:
>
>> Thanks Brian, i was hoping it wouldn't be that deep of a change, I think
>> my users will just have to get used to it since I'm not thinking it a big
>> enough problem to change the app. It is always good to be able to have the
>> choice to though :)
>>
>>
>>
>>
>>
>> On Fri, Sep 6, 2013 at 8:51 AM, Brian Cluff <> wrote:
>>
>>> I was just reading though the source for passwd and it looks like there
>>> isn't a way to do it without rewriting parts of passwd to not use the
>>> getpass function, or rewriting getpass itself if you want everything to
>>> output the stars.
>>>
>>>         The  getpass()  function  opens  /dev/tty (the controlling
>>>         terminal of the process), outputs the string prompt, turns off
>>>         echoing, reads one line (the "password"), restores the terminal
>>>         state and closes /dev/tty again.

>>>
>>> Brian Cluff
>>>
>>>
>>> On 09/06/2013 08:13 AM, Shawn Badger wrote:
>>>
>>>> Thanks Larry!!
>>>> I have found several articles on how to do form within sudo, but nothing
>>>> on how to get passwd or bash to do it so far.
>>>>
>>>>
>>>> On Thu, Sep 5, 2013 at 4:29 PM, Dazed_75 <
>>>> <mailto:lthielster@gmail.com>> wrote:
>>>>
>>>>     Oops!  I misread your question.  That was for the part you already
>>>> know.

>>>>
>>>>
>>>>     On Thu, Sep 5, 2013 at 4:27 PM, Dazed_75 <
>>>>     <mailto:lthielster@gmail.com>> wrote:

>>>>
>>>>         http://www.maketecheasier.com/**quick-tips/show-password-**
>>>> asterisks-in-terminal<http://www.maketecheasier.com/quick-tips/show-password-asterisks-in-terminal>

>>>>
>>>>         worked for me :)

>>>>
>>>>
>>>>         On Thu, Sep 5, 2013 at 12:55 PM, Shawn Badger <
>>>>         <mailto:shawn@badger.pro>> wrote:

>>>>
>>>>             I have how to display password feed back while using sudo,
>>>>             but Google has failed me on how to display feedback while
>>>>             running passwd in a terminal session.  Does anyone know if
>>>>             the pwfeedback environment setting works outside of sudoers
>>>>             file or an equivalent setting for the passwd command?

>>>>
>>>>
>>>>
>>>>             ------------------------------**---------------------
>>>>             PLUG-discuss mailing list - .**
>>>> org <>
>>>>             <mailto:PLUG-discuss@lists.**phxlinux.org<>

>>>>>
>>>>
>>>>             To subscribe, unsubscribe, or to change your mail settings:
>>>>             http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<http://lists.phxlinux.org/mailman/listinfo/plug-discuss>

>>>>
>>>>
>>>>
>>>>
>>>>         --
>>>>         Dazed_75 a.k.a. Larry

>>>>
>>>>         Please protect my address like I protect yours. When sending
>>>>         messages to multiple recipients, use the BCC: (Blind carbon
>>>>         copy). Remove addresses from a forwarded message body before
>>>>         clicking Send.

>>>>
>>>>
>>>>
>>>>
>>>>     --
>>>>     Dazed_75 a.k.a. Larry

>>>>
>>>>     Please protect my address like I protect yours. When sending
>>>>     messages to multiple recipients, use the BCC: (Blind carbon copy).
>>>>     Remove addresses from a forwarded message body before clicking Send.

>>>>
>>>>     ------------------------------**---------------------
>>>>     PLUG-discuss mailing list - .**org<>
>>>>     <mailto:PLUG-discuss@lists.**phxlinux.org<>

>>>>>
>>>>
>>>>     To subscribe, unsubscribe, or to change your mail settings:
>>>>     http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<http://lists.phxlinux.org/mailman/listinfo/plug-discuss>

>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------**---------------------
>>>> PLUG-discuss mailing list - .**org<>
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>>
>>>> ------------------------------**---------------------
>>> PLUG-discuss mailing list - .**org<>
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss