Re: Fwd: rethinking terminal login with security in mind
On Wed, May 05, 2021 at 01:44:24AM +0200, Alessandro Pistocchi wrote: > Sorry, my keyboard went crazy and the message was sent incomplete. > > Continuing: normally the entry of username is immediately followed by the > password entry. > However, if the OS is busy for any reason between the two entries, > character echo is still on. > If I don't notice that, I may start typing the password before the OS stops > echoing and so I show it > to anybody around who cares to look. > > Wouldn't it be better to have a way to turn off echoing of characters as > soon as I entered my username, > regardless of whether the OS is busy or not? Not really. it's your job to pay attention. Specifically, if your OS is busy or whatever, you just need to wait until the Password: prompt gets displayed, because echo gets turned off *before* that prompt happens. and the actual standard interface used won't change. See readpassphrase(3), which does already protect you against many many problems.
Fwd: rethinking terminal login with security in mind
Sorry, my keyboard went crazy and the message was sent incomplete. Continuing: normally the entry of username is immediately followed by the password entry. However, if the OS is busy for any reason between the two entries, character echo is still on. If I don't notice that, I may start typing the password before the OS stops echoing and so I show it to anybody around who cares to look. Wouldn't it be better to have a way to turn off echoing of characters as soon as I entered my username, regardless of whether the OS is busy or not? Sorry again for the double message. Best, A -- Forwarded message - From: Alessandro Pistocchi Date: Wed, May 5, 2021 at 1:39 AM Subject: rethinking terminal login with security in mind To: OpenBSD misc Hi all, I am a new user. I have been using openbsd for the last few weeks on a raspberry pi 4. I have used other unix flavours in the past. I was wondering, what about changing how echoing of characters work when logging in from the terminal? Every unix I tried, including openbsd, asks for the username and then for the password. There is an opportunity for password sniffing there. What happens is that if I entern
rethinking terminal login with security in mind
Hi all, I am a new user. I have been using openbsd for the last few weeks on a raspberry pi 4. I have used other unix flavours in the past. I was wondering, what about changing how echoing of characters work when logging in from the terminal? Every unix I tried, including openbsd, asks for the username and then for the password. There is an opportunity for password sniffing there. What happens is that if I entern