Re: LUKS password gets printed as stars
On Wed, Dec 20, 2017 at 10:54:25AM +0000, Curt wrote:
> On 2017-12-20, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:
> >
> > On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
> >> On Wed, 20 Dec 2017, root kea wrote:
> >> > I want *default* password agent to be consistent with traditional *Nix
> >> > password handling. And that is echoing NOTHING at all.
[...]
> > Yes, the good ol' click-to-focus culture war, I know ;-P
>
>
> I wonder if the suppression of the echoed asterisks on the screen
> obviates the scenario of the malevolent bystander counting the number of
> characters in the OP's password.
>
> Perhaps his keystrokes make no noise because he has made some provision
> to suppress the telltale auditory signals emitted by his keyboard, but
> I'm assuming our malevolent bystander (with his back, cleverly, to the
> OP's terminal) has his smartphone recording clicks.
>
> But then again in the end the OP invokes "tradition," so all bets are
> effectively off. I suppose he could argue that at least one attack
> vector has been eliminated once he stops seeing stars, although the
> real-world utility of knowing the length of a high-entropy password
> requires demonstration.

I think the most important thing here is "give the user the possibility
to use the software as (s)he pleases" vs. "we know better than you: suck
it up". Granted, I'm biased here.

"Just tradition" is perhaps another way to frame this conflict, maybe
with the other bias :-)

Cheers
-- tomás