Actually I agree that printing substitute symbols does leak a small amount of information to an attacker who can look over your shoulder.
But I'm not going to lose sleep over it, because shoulder surfing attacks are (a) vanishingly small compared with remote attacks, and (b) easy to mitigate even for an utterly naive user.

The patch I've provided has two mitigation strategies available:

1. use a mixture of normal and wide characters as the substitutes;
2. multi-glyph mode can display multiple characters per input key.

Both of these make it harder to count the number of real characters. There's also :random mode, which continuously changes the displayed characters.

In any case, it is a user-settable preference in ~/.inputrc, rather than something enforced by individual programs. Users can make their own choices.

-Martin

On Mon, 22 Dec 2025, 17:52 Robert Elz, <[email protected]> wrote:

> Date: Sun, 21 Dec 2025 13:23:29 -0800
> From: Bruce Jerrick <[email protected]>
> Message-ID: <[email protected]>
>
> | I don't think it would "rarely" be used. It would be a good thing
> | to have when reading a password.
>
> Displaying anything while reading passwords is a security problem,
> it makes it too easy for someone who can, even just briefly, observe
> the screen, to determine how many characters long the password is.
> It is bad enough on phones, but at least the screens of those can
> usually be kept hidden, it is horrid on computer monitors, which can
> usually be seen from the other side of even a fairly large room.
>
> Just don't do that.
>
> kre
