systemd-ask-password echoes stars(*) by default
(too old to reply)
root kea
2017-12-20 10:34:37 UTC

I am using LUKS on Debian Stretch with an encrypted /home and swap partitions.

When the system boots `cryptsetup` asks password to decrypt swap. That
password doesn't get echoed on terminal at all. Totally expected
behavior. [0]

But then `systemd-ask-password` asks password to decrypt /home and
that password gets echoed on terminal as star(*) chars by default.
Turns out one needs to press TAB or BACKSPACE to turn off the echo.

Is this an intended behavior or am I missing something?

If this is indeed an intended behavior then I would like to propose
that the default behavior of `systemd-ask-password` should be to echo
nothing at all and echo (if at all) stars(*) when the user presses a
special key (e.g TAB or BACKSPACE) to test whether their input works
or not.

There are primarily 2 reasons behind this proposal:
1. Security by obscurity (hiding the length of pass-phrase by default)
2. Consistency (with sudo, cryptsetup, login etc.)

Thank you.

[0] https://imgur.com/bC4AF6H
[1] https://imgur.com/u4nw6Lb

Avinash Sonawane (rootKea)
PICT, Pune