Re: [Edbrowse-dev] masking of passwords

edbrowse-dev - development list for edbrowse
 help / color / mirror / Atom feed

From: Adam Thompson <arthompson1990@gmail.com>
To: Chris Brannon <chris@the-brannons.com>
Cc: Edbrowse-dev@lists.the-brannons.com
Subject: Re: [Edbrowse-dev] masking of passwords
Date: Fri, 18 Dec 2015 13:58:56 +0000	[thread overview]
Message-ID: <20151218135856.GA2770@122oven.adamthompson.me.uk> (raw)
In-Reply-To: <87h9jgivuj.fsf@mushroom.localdomain>

[-- Attachment #1: Type: text/plain, Size: 1965 bytes --]

On Thu, Dec 17, 2015 at 01:55:16PM -0800, Chris Brannon wrote:
> Kevin Carhart <kevin@carhart.net> writes:
> 
> > I know that at the time I type i2=password,
> > or something, edbrowse
> > has no way of knowing what I want to do next
> 
> Yeah, generally that is true.  However, I've seen programs be pretty
> smart about this.  For example, the IRC client weechat will
> start printing masking characters as soon as you type the string
> /msg nickserv identify
> For those not familiar with IRC, this is often how you authenticate your account,
> by sending a private message to a bot named nickserv.
> We could do that kind of cleverness in edbrowse,
> but I like your "invisible mode" idea.

Doing that would require a change in how edbrowse handles terminal input.
Specifically we currently wait for a line to be entered before we process it,
but in order for such fancy things as i2= to cause imediate password masking
we'd need to process each keystroke.

What I generally do (on linux) is use:
!stty -echo

To enter the password then (quickly):
!clear

To remove the printed line. I suspect displayLine could be altered in
some way to avoid the screen printing,
but I'm not so sure about the non-echoing.
I think that, rather than an invisible mode,
I'd prefer something like a pw command which'd take a field number and then
display a non-echoing prompt, i.e.:
pw2
Password for field 2: <password goes here>

And then have the field print as ... (i.e. for my gmail account this would read):
<arthompson1990@gmail.com> <...>

The reason for the fixed ... is that it means you can't guess password length
(probably rather paranoid). If the field was blank then it would print as a blank field.
If someone used i2 rather than the pw command then the field would still print as ...
but obviously the i2 line would remain both visible and in the readline history
(in readline mode).

Any thoughts?

Cheers,
Adam.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

next prev parent reply	other threads:[~2015-12-18 13:59 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-17 13:46 [Edbrowse-dev] Non-technical rant Chuck Hallenbeck
2015-12-17 14:52 ` Chris Brannon
2015-12-17 15:31   ` Karl Dahlke
2015-12-17 16:26     ` Chris Brannon
2015-12-17 20:56       ` [Edbrowse-dev] alt.ensign.crusher.die.die.die Kevin Carhart
2015-12-18 14:12         ` Adam Thompson
2015-12-19 23:40           ` [Edbrowse-dev] XHR Kevin Carhart
2015-12-21 23:29             ` Adam Thompson
2015-12-22  3:44               ` Kevin Carhart
2015-12-22  4:13                 ` Kevin Carhart
2015-12-22 15:28                 ` Karl Dahlke
2015-12-22 20:04                   ` Kevin Carhart
2015-12-23 18:52                     ` Adam Thompson
2015-12-17 21:00 ` [Edbrowse-dev] Non-technical rant Kevin Carhart
2015-12-17 21:38   ` [Edbrowse-dev] masking of passwords Kevin Carhart
2015-12-17 21:55     ` Chris Brannon
2015-12-18 13:58       ` Adam Thompson [this message]
2015-12-18 15:13         ` Karl Dahlke
2015-12-19 23:55           ` Kevin Carhart
2015-12-17 22:13     ` Karl Dahlke
2015-12-18  0:00       ` Kevin Carhart

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151218135856.GA2770@122oven.adamthompson.me.uk \
    --to=arthompson1990@gmail.com \
    --cc=Edbrowse-dev@lists.the-brannons.com \
    --cc=chris@the-brannons.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).