2017-12-20 10:34:37 UTC
I am using LUKS on Debian Stretch with an encrypted /home and swap partitions.
When the system boots `cryptsetup` asks password to decrypt swap. That
password doesn't get echoed on terminal at all. Totally expected
But then `systemd-ask-password` asks password to decrypt /home and
that password gets echoed on terminal as star(*) chars by default.
Turns out one needs to press TAB or BACKSPACE to turn off the echo.
Is this an intended behavior or am I missing something?
If this is indeed an intended behavior then I would like to propose
that the default behavior of `systemd-ask-password` should be to echo
nothing at all and echo (if at all) stars(*) when the user presses a
special key (e.g TAB or BACKSPACE) to test whether their input works
There are primarily 2 reasons behind this proposal:
1. Security by obscurity (hiding the length of pass-phrase by default)
2. Consistency (with sudo, cryptsetup, login etc.)
Avinash Sonawane (rootKea)