Re: LUKS password gets printed as stars
On 2017-12-20, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:
>
> On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
>> On Wed, 20 Dec 2017, root kea wrote:
>> > I want *default* password agent to be consistent with traditional *Nix
>> > password handling. And that is echoing NOTHING at all.
>>
>> You can just recompile systemd-ask-password and set ASK_PASSWORD_SILENT
>> true. This probably should be a command-line option, though. I suspect
>> that a bug report with a patch will be well received.
>
> This was what we were missing, thanks Dan.
>
> [...]
>
>> The default is this way because it's less surprising to users who aren't
>> used to this style of password prompt. I personally prefer the other way
>> around, but that's because I already know what is going on and can
>> change it if I care.
>
> Yes, the good ol' click-to-focus culture war, I know ;-P
I wonder if the suppression of the echoed asterisks on the screen
obviates the scenario of the malevolent bystander counting the number of
characters in the OP's password.
Perhaps his keystrokes make no noise because he has made some provision
to suppress the telltale auditory signals emitted by his keyboard, but
I'm assuming our malevolent bystander (with his back, cleverly, to the
OP's terminal) has his smartphone recording clicks.
But then again in the end the OP invokes "tradition," so all bets are
effectively off. I suppose he could argue that at least one attack
vector has been eliminated once he stops seeing stars, although the
real-world utility of knowing the length of a high-entropy password
requires demonstration.
> Thanks for the insight!
>
> Cheers
> - -- t
>
>
--
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell
Reply to: