[systemd-devel] crypto: to show stars or not to show them

Graham Cantin kamilion at gmail.com
Tue Mar 29 03:47:14 PDT 2011 

On Mon, Mar 28, 2011 at 3:10 PM, Jan Engelhardt <jengelh at medozas.de> wrote:
>
> On Monday 2011-03-28 23:29, Lennart Poettering wrote:
>
> >On Sun, 27.03.11 23:52, Jan Engelhardt (jengelh at medozas.de) wrote:
> >
> >>
> >> On Friday 2011-03-18 01:41, Lennart Poettering wrote:
> >>
> >> >On Fri, 18.03.11 00:18, Jan Engelhardt (jengelh at medozas.de) wrote:
> >> >
> >> >> Meanwhile, I have two new suggestions.
> >> >
> >> >I have one too (or actually Kay came up with it), and I think you are
> >> >going to like it:
> >> >
> >> >Start with showing input feedback as we currently do. If the user then
> >> >presses TAB the stars disappear, and instead we show "(no echo)" or
> >> >so. Then, the user can proceed with typing his password without
> >> >asterisks.
> >> >[...]
> >>
> >> Incorporating Graham's suggestion to use BKSP instead:
> >
> >Hmm?
> >
> >Backspace? Why backspace?
>

I should note here some semantics after pondering on your code for a bit.

To make this crystal clear: The backspace should only enable noecho in
an *empty field*.

Backspace at the very beginning of a new password prompt should enable noecho.
However; if echo is on, If you press enter with a bad or empty
password, the flag should reset and allow the noecho toggle again.
If you type something, then hold backspace; echo should still be on.
Press enter to clear the flag; start a new password entry prompt and
then tap backspace in the empty field to enable noecho.

Tab just seems like a bad idea with wayland and plymouth bringing X up
early; and since toolkits can talk directly to wayland, it would be
possible to have a graphical query during early boot (Hello Embedded
developers!). At that point, I would assume there would be two buttons
in the interface, "Cancel" and "Accept" and I would expect tab would
move me between the password query and the buttons, not enable noecho.
In some cases; I might even expect an onscreen keyboard (pocketbook
AMD E-350 anyone?).


>
> Quoting Graham:
>
> "On a slightly different note; Would it be possible to watch for
> unprintable keys? For example, what about a single backspace/delete at
> the start of the prompt, before you've entered anything? I'm used to tab
> making things appear, not making things disappear. On the other hand,
> I'm used to backspace/delete making things disappear; so it feels more
> logical to me."
>
> >I am not sure I like the idea and neither does
> >Kay who I discussed this with earlier today. If people mistype their
> >passwords, they tend to backspace them away again, and start anew. I am
> >pretty sure if they do that they'd be quite surprised if the password is
> >hidden completely even when they try to retype it afterwards.
>
> It was intended that once you typed something, going BKSP and getting a
> quiet prompt should not be possible anymore. I fixed that bug now; New
> patch is at git://dev.medozas.de/systemd now. (Also below)
>
>
> >I think it would be a bad idea to overload an existing key with a well
> >defined meaning with a different meaning,
>
> \b is better because you can't take anything away at the start of
> prompt. \t instead creates and so is not easily distinguishable from the
> actual phrase.
>
> >based on where the cursor
> >is. To keep things simple we should pick a currently unused key, which
> >TAB is. TAB in most UIs is used to switch between different UI
> >elements. I think this translates relatively well to the different
> >display modes in this context.
> >
> >I have commited your patch nonetheless, but then replaced Backspace by
> >TAB in a subsequent patch. Would be cool if you could check if the
> >version in git still does what you need.
>
> Uh.
> *rediffs patch*
> *upload to git*
>
>
> parent 2d87855ae873aa3a4816c8e3a37e5ec06cc65c5e (v20-113-g2d87855)
> commit 2e6d9fe9b5397afb856f0a993fb76a0d9a1d1977
> Author: Jan Engelhardt <jengelh at medozas.de>
> Date:   Fri Mar 18 00:18:50 2011 +0100
>
> ask-password: use backspace for silent prompt
>
> Previous ask-password patch was somewhat flakey, but was applied
> nevertheless in a hurry.
>
> Activating noecho mode was only meant to be possible with the very
> first key.
>
> Restore use of bksp.
>
> References: http://lists.freedesktop.org/archives/systemd-devel/2011-March/001694.html
> ---
>  src/ask-password-api.c |   27 ++++++++++++++-------------
>  1 files changed, 14 insertions(+), 13 deletions(-)
>
> diff --git a/src/ask-password-api.c b/src/ask-password-api.c
> index cb05590..9e98bbf 100644
> --- a/src/ask-password-api.c
> +++ b/src/ask-password-api.c
> @@ -60,7 +60,7 @@ int ask_password_tty(
>         int r, ttyfd = -1, notify = -1;
>         struct pollfd pollfd[2];
>         bool reset_tty = false;
> -        bool silent_mode = false;
> +        int silent_mode = 0;
>         enum {
>                 POLL_TTY,
>                 POLL_INOTIFY
> @@ -170,32 +170,33 @@ int ask_password_tty(
>                         break;
>                 else if (c == 21) { /* C-u */
>
> -                        if (!silent_mode)
> +                        if (silent_mode <= 0)
>                                 backspace_chars(ttyfd, p);
>                         p = 0;
>
>                 } else if (c == '\b' || c == 127) {
> +                        if (p == 0 && silent_mode == 0) {
> +                                silent_mode = 1;
> +                                loop_write(ttyfd, "(no echo) ", 10, false);
> +                        } else if (p > 0) {
>
> -                        if (p > 0) {
> -
> -                                if (!silent_mode)
> +                                if (silent_mode <= 0)
>                                         backspace_chars(ttyfd, 1);
>
>                                 p--;
>                         } else if (ttyfd >= 0)
>                                 loop_write(ttyfd, "\a", 1, false);
>
> -                } else if (c == '\t' && !silent_mode) {
> -
> -                        backspace_chars(ttyfd, p);
> -                        silent_mode = true;
> -
> -                        if (ttyfd >= 0)
> -                                loop_write(ttyfd, "(no echo) ", 10, false);
>                 } else {
> +                        if (silent_mode == 0)
> +                                /*
> +                                 * If anything was entered, disable going
> +                                 * silent later on.
> +                                 */
> +                                silent_mode = -1;
>                         passphrase[p++] = c;
>
> -                        if (!silent_mode && ttyfd >= 0)
> +                        if (silent_mode <= 0 && ttyfd >= 0)
>                                 loop_write(ttyfd, "*", 1, false);
>                 }
>         }
> --
> # Created with git-export-patch
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel



--
[     Graham Cantin      ] | (408) 890-7463 - Google Voice FindME
[   NASA Ames Research   ] | Building 19, Moffett Field, CA
"As living spies we must recruit men who are intelligent but appear
to be stupid; who seem to be dull but are strong in heart; men who are
agile, vigorous, hardy, and brave; well-versed in lowly matters and able
to endure hunger, cold, filth, and humiliation." - Tu Mu (803-825)

More information about the systemd-devel mailing list