Display feedback while typing password in terminal.

Shawn Badger shawn at badger.pro
Tue Sep 10 07:28:59 MST 2013


I guess if we wan tit that bad we will have to wrap it like JD and others
have suggested.

Thanks for everyone's suggestions!!


On Mon, Sep 9, 2013 at 7:45 PM, Joseph Sinclair
<plug-discussion at stcaz.net>wrote:

> Changing it to echo the output would, in fact, break a TON of things,
> particularly if getpass() were changed, since a lot of calls like that
> don't actually have an attached terminal (we programmers do weird things
> sometimes).  Even passwd is used in situations where echo would break
> scripts and programs written with somewhat delicate assumptions about
> output.
>
> The primary reason the password prompts don't echo input is precisely
> because knowing the exact length of a password is a huge advantage when
> trying to break into a system, and the echo could easily be picked up via
> network sniffers(packet count) or by various forms of offline or social
> attack, ranging from simple shoulder surfing to hacked wifi security
> cameras.
>
> Adding the echo gets floated as an idea every now and then, and it usually
> results in a copy/paste of the same, quite vigorously unpleasant, response
> used in the past.
>
> It's not too hard (as noted in other places) to add the visual feedback
> for the user if you're writing a program or GUI interface.
> If the user is using passwd directly, they should be savvy enough to know
> it won't echo (or the admin can wrap passwd as suggested elsewhere).
>
> ==Joseph++
>
> On 09/09/2013 07:42 AM, Dazed_75 wrote:
> > "Why is it not seeing my typing?" is one of the most frequest questions I
> > get from newbies though.  Makes me wonder if it would break anything for
> > anyone if it were changes upstream to echo each input character with an
> > asterisk.  Any ideas if it would?  Would it make a difference if passwd
> or
> > getpass() were changed>  Would it be a security issue in any way?
> >
> >
> > On Mon, Sep 9, 2013 at 6:49 AM, Shawn Badger <shawn at badger.pro> wrote:
> >
> >> Thanks Brian,  i was hoping it wouldn't be that deep of a change, I
> think
> >> my users will just have to get used to it since I'm not thinking it a
> big
> >> enough problem to change the app. It is always good to be able to have
> the
> >> choice to though :)
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Sep 6, 2013 at 8:51 AM, Brian Cluff <brian at snaptek.com> wrote:
> >>
> >>> I was just reading though the source for passwd and it looks like there
> >>> isn't a way to do it without rewriting parts of passwd to not use the
> >>> getpass function, or rewriting getpass itself if you want everything to
> >>> output the stars.
> >>>
> >>>         The  getpass()  function  opens  /dev/tty (the controlling
> >>>         terminal of the process), outputs the string prompt, turns off
> >>>         echoing, reads one line (the "password"), restores the terminal
> >>>         state and closes /dev/tty again.
> >>>
> >>> Brian Cluff
> >>>
> >>>
> >>> On 09/06/2013 08:13 AM, Shawn Badger wrote:
> >>>
> >>>> Thanks Larry!!
> >>>> I have found several articles on how to do form within sudo, but
> nothing
> >>>> on how to get passwd or bash to do it so far.
> >>>>
> >>>>
> >>>> On Thu, Sep 5, 2013 at 4:29 PM, Dazed_75 <lthielster at gmail.com
> >>>> <mailto:lthielster at gmail.com>> wrote:
> >>>>
> >>>>     Oops!  I misread your question.  That was for the part you already
> >>>> know.
> >>>>
> >>>>
> >>>>     On Thu, Sep 5, 2013 at 4:27 PM, Dazed_75 <lthielster at gmail.com
> >>>>     <mailto:lthielster at gmail.com>> wrote:
> >>>>
> >>>>         http://www.maketecheasier.com/**quick-tips/show-password-**
> >>>> asterisks-in-terminal<
> http://www.maketecheasier.com/quick-tips/show-password-asterisks-in-terminal
> >
> >>>>
> >>>>         worked for me :)
> >>>>
> >>>>
> >>>>         On Thu, Sep 5, 2013 at 12:55 PM, Shawn Badger <
> shawn at badger.pro
> >>>>         <mailto:shawn at badger.pro>> wrote:
> >>>>
> >>>>             I have how to display password feed back while using sudo,
> >>>>             but Google has failed me on how to display feedback while
> >>>>             running passwd in a terminal session.  Does anyone know if
> >>>>             the pwfeedback environment setting works outside of
> sudoers
> >>>>             file or an equivalent setting for the passwd command?
> >>>>
> >>>>
> >>>>
> >>>>             ------------------------------**---------------------
> >>>>             PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.
> **
> >>>> org <PLUG-discuss at lists.phxlinux.org>
> >>>>             <mailto:PLUG-discuss at lists.**phxlinux.org<
> PLUG-discuss at lists.phxlinux.org>
> >>>>>
> >>>>
> >>>>             To subscribe, unsubscribe, or to change your mail
> settings:
> >>>>             http://lists.phxlinux.org/**mailman/listinfo/plug-discuss
> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>         --
> >>>>         Dazed_75 a.k.a. Larry
> >>>>
> >>>>         Please protect my address like I protect yours. When sending
> >>>>         messages to multiple recipients, use the BCC: (Blind carbon
> >>>>         copy). Remove addresses from a forwarded message body before
> >>>>         clicking Send.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>     --
> >>>>     Dazed_75 a.k.a. Larry
> >>>>
> >>>>     Please protect my address like I protect yours. When sending
> >>>>     messages to multiple recipients, use the BCC: (Blind carbon copy).
> >>>>     Remove addresses from a forwarded message body before clicking
> Send.
> >>>>
> >>>>     ------------------------------**---------------------
> >>>>     PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<
> PLUG-discuss at lists.phxlinux.org>
> >>>>     <mailto:PLUG-discuss at lists.**phxlinux.org<
> PLUG-discuss at lists.phxlinux.org>
> >>>>>
> >>>>
> >>>>     To subscribe, unsubscribe, or to change your mail settings:
> >>>>     http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ------------------------------**---------------------
> >>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<
> PLUG-discuss at lists.phxlinux.org>
> >>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>>
> >>>>  ------------------------------**---------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<
> PLUG-discuss at lists.phxlinux.org>
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>
> >>
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>
> >
> >
> >
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130910/1bebb8ab/attachment.html>


More information about the PLUG-discuss mailing list