
Re: LUKS password gets printed as stars




On Wed, Dec 20, 2017 at 10:54:25AM +0000, Curt wrote:
> On 2017-12-20, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:
> >
> > On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
> >> On Wed, 20 Dec 2017, root kea wrote:
> >> > I want *default* password agent to be consistent with traditional *Nix
> >> > password handling. And that is echoing NOTHING at all.

[...]

> > Yes, the good ol' click-to-focus culture war, I know ;-P
> 
> 
> I wonder if the suppression of the echoed asterisks on the screen
> obviates the scenario of the malevolent bystander counting the number of
> characters in the OP's password. 
> 
> Perhaps his keystrokes make no noise because he has made some provision
> to suppress the telltale auditory signals emitted by his keyboard, but
> I'm assuming our malevolent bystander (with his back, cleverly, to the
> OP's terminal) has his smartphone recording clicks.
> 
> But then again in the end the OP invokes "tradition," so all bets are
> effectively off. I suppose he could argue that at least one attack
> vector has been eliminated once he stops seeing stars, although the
> real-world utility of knowing the length of a high-entropy password
> requires demonstration.

I think the most important thing here is "give the user the possibility
to use the software as (s)he pleases" vs. "we know better than you: suck
it up". Granted, I'm biased here.

"Just tradition" is perhaps another way to frame this conflict, maybe
with the other bias :-)

Cheers
- -- tomás

