Display feedback while typing password in terminal.
Shawn Badger
shawn at badger.pro
Tue Sep 10 07:28:59 MST 2013
I guess if we wan tit that bad we will have to wrap it like JD and others
have suggested.
Thanks for everyone's suggestions!!
On Mon, Sep 9, 2013 at 7:45 PM, Joseph Sinclair
<plug-discussion at stcaz.net>wrote:
> Changing it to echo the output would, in fact, break a TON of things,
> particularly if getpass() were changed, since a lot of calls like that
> don't actually have an attached terminal (we programmers do weird things
> sometimes). Even passwd is used in situations where echo would break
> scripts and programs written with somewhat delicate assumptions about
> output.
>
> The primary reason the password prompts don't echo input is precisely
> because knowing the exact length of a password is a huge advantage when
> trying to break into a system, and the echo could easily be picked up via
> network sniffers(packet count) or by various forms of offline or social
> attack, ranging from simple shoulder surfing to hacked wifi security
> cameras.
>
> Adding the echo gets floated as an idea every now and then, and it usually
> results in a copy/paste of the same, quite vigorously unpleasant, response
> used in the past.
>
> It's not too hard (as noted in other places) to add the visual feedback
> for the user if you're writing a program or GUI interface.
> If the user is using passwd directly, they should be savvy enough to know
> it won't echo (or the admin can wrap passwd as suggested elsewhere).
>
> ==Joseph++
>
> On 09/09/2013 07:42 AM, Dazed_75 wrote:
> > "Why is it not seeing my typing?" is one of the most frequest questions I
> > get from newbies though. Makes me wonder if it would break anything for
> > anyone if it were changes upstream to echo each input character with an
> > asterisk. Any ideas if it would? Would it make a difference if passwd
> or
> > getpass() were changed> Would it be a security issue in any way?
> >
> >
> > On Mon, Sep 9, 2013 at 6:49 AM, Shawn Badger <shawn at badger.pro> wrote:
> >
> >> Thanks Brian, i was hoping it wouldn't be that deep of a change, I
> think
> >> my users will just have to get used to it since I'm not thinking it a
> big
> >> enough problem to change the app. It is always good to be able to have
> the
> >> choice to though :)
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Sep 6, 2013 at 8:51 AM, Brian Cluff <brian at snaptek.com> wrote:
> >>
> >>> I was just reading though the source for passwd and it looks like there
> >>> isn't a way to do it without rewriting parts of passwd to not use the
> >>> getpass function, or rewriting getpass itself if you want everything to
> >>> output the stars.
> >>>
> >>> The getpass() function opens /dev/tty (the controlling
> >>> terminal of the process), outputs the string prompt, turns off
> >>> echoing, reads one line (the "password"), restores the terminal
> >>> state and closes /dev/tty again.
> >>>
> >>> Brian Cluff
> >>>
> >>>
> >>> On 09/06/2013 08:13 AM, Shawn Badger wrote:
> >>>
> >>>> Thanks Larry!!
> >>>> I have found several articles on how to do form within sudo, but
> nothing
> >>>> on how to get passwd or bash to do it so far.
> >>>>
> >>>>
> >>>> On Thu, Sep 5, 2013 at 4:29 PM, Dazed_75 <lthielster at gmail.com
> >>>> <mailto:lthielster at gmail.com>> wrote:
> >>>>
> >>>> Oops! I misread your question. That was for the part you already
> >>>> know.
> >>>>
> >>>>
> >>>> On Thu, Sep 5, 2013 at 4:27 PM, Dazed_75 <lthielster at gmail.com
> >>>> <mailto:lthielster at gmail.com>> wrote:
> >>>>
> >>>> http://www.maketecheasier.com/**quick-tips/show-password-**
> >>>> asterisks-in-terminal<
> http://www.maketecheasier.com/quick-tips/show-password-asterisks-in-terminal
> >
> >>>>
> >>>> worked for me :)
> >>>>
> >>>>
> >>>> On Thu, Sep 5, 2013 at 12:55 PM, Shawn Badger <
> shawn at badger.pro
> >>>> <mailto:shawn at badger.pro>> wrote:
> >>>>
> >>>> I have how to display password feed back while using sudo,
> >>>> but Google has failed me on how to display feedback while
> >>>> running passwd in a terminal session. Does anyone know if
> >>>> the pwfeedback environment setting works outside of
> sudoers
> >>>> file or an equivalent setting for the passwd command?
> >>>>
> >>>>
> >>>>
> >>>> ------------------------------**---------------------
> >>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.
> **
> >>>> org <PLUG-discuss at lists.phxlinux.org>
> >>>> <mailto:PLUG-discuss at lists.**phxlinux.org<
> PLUG-discuss at lists.phxlinux.org>
> >>>>>
> >>>>
> >>>> To subscribe, unsubscribe, or to change your mail
> settings:
> >>>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss
> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Dazed_75 a.k.a. Larry
> >>>>
> >>>> Please protect my address like I protect yours. When sending
> >>>> messages to multiple recipients, use the BCC: (Blind carbon
> >>>> copy). Remove addresses from a forwarded message body before
> >>>> clicking Send.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Dazed_75 a.k.a. Larry
> >>>>
> >>>> Please protect my address like I protect yours. When sending
> >>>> messages to multiple recipients, use the BCC: (Blind carbon copy).
> >>>> Remove addresses from a forwarded message body before clicking
> Send.
> >>>>
> >>>> ------------------------------**---------------------
> >>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<
> PLUG-discuss at lists.phxlinux.org>
> >>>> <mailto:PLUG-discuss at lists.**phxlinux.org<
> PLUG-discuss at lists.phxlinux.org>
> >>>>>
> >>>>
> >>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ------------------------------**---------------------
> >>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<
> PLUG-discuss at lists.phxlinux.org>
> >>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>>
> >>>> ------------------------------**---------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<
> PLUG-discuss at lists.phxlinux.org>
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
> >>>
> >>
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>
> >
> >
> >
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130910/1bebb8ab/attachment.html>
More information about the PLUG-discuss
mailing list