[systemd-devel] crypto: to show stars or not to show them

Jan Engelhardt jengelh at medozas.de
Thu Mar 17 16:18:09 PDT 2011


On Thursday 2011-03-17 00:27, Lennart Poettering wrote:
>> 
>> Well, as I mentioned earlier, certain implementations use a
>> three-star-per-character so that there is at least some feedback. How
>> about using that?
>
>I am not sure I follow here, if we always show 3 asterisks then it
>should be much easier to get an idea how long your password is.

Not so much, because it is easier to lose track in counting 18 stars 
than it is for 6. Yeah, corner cases, let's forget about it.

>What some programs do is randomly pick between 1 and 3 asterisks for 
>each char. That probably does make some sense, though might be quite 
>confusing to the user, dunno?

I suppose it's the classical

1. Nature will produce a better idiot anytime.

Ok so changing the amount per input character does not seem to go 
anywhere.

>> Or, something crazy that just came to my mind is using one (or
>> more) U+2501 per input character. Provided you have a proper
>> font, this will produce a continuous line which is harder to
>> estimate than chars having blank pixels between them.
>
>Well, but we cannot rely that the terminal used is unicode-capable. Note
>that this prompt might be shown on serial terminals with weirdo
>Windows-based software on the other side, which almost definitely cannot
>do UTF-8. The only continuous line in 7 bit ascii we could draw is with
>underscores, but that might be irritating, too?

To use a past-time Kinder Surprise meme:

“Telnet/Serial terminal program?
Windows?
UTF-8?
But that's three things at once!”

* Any user who knows what a terminal program is for should be capable of 
grabbing PuTTY.

* In fact, an uncounted number of Linux distributions have already 
deactivated the knobs in /etc/profile* that were used to detect whether 
an ssh client is classic 8-bit or UTF-8.

* I think it is much more irritating that the Solaris console swaps ^H 
with Backspace.

* When you are on serial, you don't really care what the visual 
representation for an entered password is, as long as it gets you in, 
the machine back up, and the boss happy.


Meanwhile, I have two new suggestions.

	\e[37;47m*

Upside:
* US-ASCII compliant

* Provides a continuous graphic representation on VT100-capable 
terminals

* Color-suppressing terminals (like Windows 9x telnet.exe IIRC) would 
just display stars (in case 1), so that user group too is happy. Did I 
already mention you could use putty?

* systemd already emits VT100 codes, so no additional annoyance would 
ensue.

Downside:
* It may not be very visible if you have weird tastes in terminal 
colors.

An alternative would be simple inversion and spaces:

	\e[7m\x20
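
The two feedback cells suggested above, as an added example that is not part of the original message and not systemd code: a C routine that turns typed bytes into the stored password and the bytes sent to the terminal, for either cell, erasing one cell on ^H or DEL. The function and enum names, the trailing `\e[0m` reset after each cell and the `\b \b` erase sequence are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
/* Per-keystroke feedback cells from the message; the SGR reset is added here. */
enum mask_style { MASK_WHITE_STAR, MASK_INVERSE_SPACE };
static const char *const CELL[] = {
    "\x1b[37;47m*\x1b[0m",  /* white '*' on white background */
    "\x1b[7m \x1b[0m",      /* inverse-video space */
};

/*
 * Feed typed bytes through the mask. Writes the password to pw and the
 * terminal output to out (both NUL-terminated). Returns the password
 * length, or -1 if either buffer is too small.
 */
int mask_feed(const char *typed, enum mask_style style,
              char *pw, size_t pwcap, char *out, size_t outcap)
{
    size_t len = 0, used = 0;
    if (!pwcap || !outcap) return -1;
    for (const char *p = typed; *p && *p != '\n' && *p != '\r'; p++) {
        const char *emit;
        if (*p == '\b' || *p == 0x7f) {      /* ^H or DEL: erase one cell */
            if (len == 0)
                continue;                    /* nothing typed, no feedback */
            len--;
            emit = "\b \b";                  /* step back, blank, step back */
        } else {
            if (len + 1 >= pwcap)
                return -1;
            pw[len++] = *p;
            emit = CELL[style];
        }
        size_t n = strlen(emit);
        if (used + n >= outcap)
            return -1;
        memcpy(out + used, emit, n);
        used += n;
    }
    pw[len] = '\0';
    out[used] = '\0';
    return (int)len;
}

int main(void)
{
    char pw[64], out[512];
    /* Constructed input: "abX", one DEL, then "c" and Enter. */
    int n = mask_feed("abX\x7f" "c\n", MASK_INVERSE_SPACE, pw, sizeof pw, out, sizeof out);
    printf("%s\n(%d characters accepted)\n", out, n);
    return 0;
}
```

Both cells still occupy one column per typed character, so the width of the bar continues to track the password length; only the gaps between characters disappear.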


