On Sun, July 3, 2016 23:03, 積丹尼 Dan Jacobson wrote: > Package: login > Version: 1:4.2-3.1 > Severity: wishlist > > Perhaps echo > Password: * > Password: ** > Password: ***... > as one types, by default, like all moble apps do these days. > Test to be sure DEL eats them back too.
Sudo has had this feature for a while with the pwfeedback (was pwstars) configure item, but the flag is disabled by default as they note in the source of sudoers.pod: "Note that this does have a security impact as an onlooker may be able to determine the length of the password being entered." If it is added, it would be suggested to have it disabled by default for shadow. Sincerely, William Harrington
