Date: Tue, 23 Dec 2025 03:55:08 +1000
From: Martin D Kealey <[email protected]>
Message-ID: <can_u6mwbhst9ncu_wgzqanuq6_9-nug8cntsmbycra1vbrn...@mail.gmail.com>
| But I'm not going to lose sleep over it, because shoulder surfing attacks
| are (a) vanishingly small compared with remote attacks, and (b) easy to
| mitigate even for an utterly naive user.

That's absurd: nothing anyone is in any way concerned with (in this
discussion) has anything to do with remote attacks.

If you really don't care about shoulder surfing attacks, then just
leave echo enabled, and allow the password typed to be visible; that's
far better for the utterly naive user than any other suggestion that
has been made:

| The patch I've provided has two mitigation strategies available:
| 1. use a mixture of normal and wide characters as the substitutes;
| 2. multi-glyph mode can display multiple characters per input key.
| Both of these make it harder to count the number of real characters;
| There's also :random mode, which continuously changes the displayed
| characters.

And all that looks to me just like writing code to show that you can do
it, rather than to produce something actually useful.

How on earth do you decide that displaying continuously changing random
noise is going to be better for a naive user (who is not going to have
any idea that they could configure any of this - if they knew that they
wouldn't be a naive user) than just displaying nothing?

I also don't buy the "just pull the power cord" as something that is
really very likely to happen because echo is off. Don't any of you
expect that in the random banging on the keyboard, getting no response,
one of the keys likely to be banged (more likely than any other I'd
guess) is the return key, after which the echoless read is done, and
a "password incorrect" or similar response is received, and the keyboard
echoes again? At that point even the most naive user will work out
what happened, and not be surprised the second time.

This whole discussion is nonsense.

kre
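A constructed Python model of the masking strategies quoted above (plain substitutes, mixed narrow/wide substitutes, multiple glyphs per key, and a random redraw), added here to make the character-counting argument concrete. It is not the patch's code; the mode names, glyph sets and the one-to-three glyphs-per-key range are assumptions. `consistent_lengths` shows which password lengths a glyph-counting observer can still rule in under each mode.

```python
import random
import unicodedata

# Constructed substitute glyphs: single-column ASCII and double-column
# fullwidth forms (East Asian Width 'F'), so the same glyph count can
# occupy a varying number of terminal columns.
NARROW = "*#+"
WIDE = "\uff0a\uff03\uff0b"   # FULLWIDTH ASTERISK, NUMBER SIGN, PLUS SIGN


def columns(text):
    """Terminal columns `text` occupies: 2 per wide/fullwidth glyph, else 1."""
    return sum(2 if unicodedata.east_asian_width(c) in ("W", "F") else 1
               for c in text)


def mask(password, mode, rng=None):
    """What is echoed for `password` under a display mode (hypothetical names).

    plain: one narrow glyph per key, so the glyph count is the length.
    mixed: one glyph per key from narrow and wide sets; columns vary but
           the glyph count still equals the length.
    multi: one to three glyphs per key (assumed range), so neither the
           glyph count nor the column count equals the length.
    """
    rng = rng or random.Random()
    if mode == "plain":
        return "*" * len(password)
    if mode == "mixed":
        return "".join(rng.choice(NARROW + WIDE) for _ in password)
    if mode == "multi":
        return "".join(rng.choice(NARROW + WIDE) * rng.randint(1, 3)
                       for _ in password)
    raise ValueError(mode)


def random_frames(password, rng=None):
    """Random mode modelled as a fresh `multi` line redrawn after every key."""
    rng = rng or random.Random()
    return [mask(password[:i], "multi", rng)
            for i in range(1, len(password) + 1)]


def consistent_lengths(shown, mode):
    """Password lengths an observer cannot rule out from the glyphs seen."""
    n = len(shown)
    if mode in ("plain", "mixed"):
        return {n}                              # glyph count gives it away
    return set(range(-(-n // 3), n + 1))        # ceil(n/3) .. n keys
```

Under the model, mixed-width substitutes change only the column count, so counting glyphs still recovers the length; only the multi-glyph and random modes widen the set of lengths the observer has to consider.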