From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) by hurricane.the-brannons.com (Postfix) with ESMTPS id ECC2A21DE01 for ; Fri, 18 Dec 2015 05:59:09 -0800 (PST) Received: by mail-wm0-x230.google.com with SMTP id l126so66743852wml.1 for ; Fri, 18 Dec 2015 05:59:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=ROyRhzHzW/HjdnAeYTm+Sf6CSdXK5gr0jdUODHCZID8=; b=HMUnhPEI51FUBJT3V48v/kawaSzuCRnOEMHawASjkrr/ugfeEyVSQqmEfjVHOnf8Ib 9keEV43MMEstB6Tag7tsO19CehpP/j0LP/cCHQOYnokUu98t0UgUT374twcasLyO8lWB Medo4AlW8VyiYXFHIygSsZWnyXPaNT3qrWpTyKhrHy7GGVejLUF2fZhCwbytgjYrNClp PSvBHyC13pc8DrzliZw8IG8uvTlpwn8P6C6HIQ/crFsoe0170xieGG+C+KQJ9FsAFWNF aNfz7ZRusVZxGmbpWOegIgExDP51jeTFhYfBsE98VrimQcTqIO0KNUCXOkm/My7rV3zW PZPA== X-Received: by 10.28.194.7 with SMTP id s7mr3395126wmf.29.1450447156053; Fri, 18 Dec 2015 05:59:16 -0800 (PST) Received: from 122oven.adamthompson.me.uk (c.2.2.f.4.7.e.f.f.f.d.1.4.2.2.0.2.4.0.9.2.4.1.1.0.b.8.0.1.0.0.2.ip6.arpa. [2001:8b0:1142:9042:224:1dff:fe74:f22c]) by smtp.gmail.com with ESMTPSA id u126sm6786567wme.3.2015.12.18.05.59.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Dec 2015 05:59:15 -0800 (PST) Date: Fri, 18 Dec 2015 13:58:56 +0000 From: Adam Thompson To: Chris Brannon Cc: Edbrowse-dev@lists.the-brannons.com Message-ID: <20151218135856.GA2770@122oven.adamthompson.me.uk> References: <20151217134608.GA4216@acer.attlocal.net> <87h9jgivuj.fsf@mushroom.localdomain> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9" Content-Disposition: inline In-Reply-To: <87h9jgivuj.fsf@mushroom.localdomain> User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: [Edbrowse-dev] masking of passwords X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Dec 2015 13:59:10 -0000 --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 17, 2015 at 01:55:16PM -0800, Chris Brannon wrote: > Kevin Carhart writes: >=20 > > I know that at the time I type i2=3Dpassword, > > or something, edbrowse > > has no way of knowing what I want to do next >=20 > Yeah, generally that is true. However, I've seen programs be pretty > smart about this. For example, the IRC client weechat will > start printing masking characters as soon as you type the string > /msg nickserv identify > For those not familiar with IRC, this is often how you authenticate your = account, > by sending a private message to a bot named nickserv. > We could do that kind of cleverness in edbrowse, > but I like your "invisible mode" idea. Doing that would require a change in how edbrowse handles terminal input. Specifically we currently wait for a line to be entered before we process i= t, but in order for such fancy things as i2=3D to cause imediate password mask= ing we'd need to process each keystroke. What I generally do (on linux) is use: !stty -echo To enter the password then (quickly): !clear To remove the printed line. I suspect displayLine could be altered in some way to avoid the screen printing, but I'm not so sure about the non-echoing. I think that, rather than an invisible mode, I'd prefer something like a pw command which'd take a field number and then display a non-echoing prompt, i.e.: pw2 Password for field 2: And then have the field print as ... (i.e. for my gmail account this would = read): <...> The reason for the fixed ... is that it means you can't guess password leng= th (probably rather paranoid). If the field was blank then it would print as a= blank field. If someone used i2 rather than the pw command then the field would still pr= int as ... but obviously the i2 line would remain both visible and in the readline his= tory (in readline mode). Any thoughts? Cheers, Adam. --PEIAKu/WMn1b1Hv9 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWdBEgAAoJELZ22lNQBzHO9GIH/RHFJerZZbveAW28IpOgENIP zG/psxW1klAOtiJOfikZd0k70tdxO07qOQPfah83nvZlz9aRUwZcUzcsGVLgq/aW I2nxf8hRKW0iWLkMlgW5Y9mSVrQMO4UHLGOd25gIb2/1QC8n3NToiGW2AZeBH18U freALxJLDnW6SGABOQAscjg0Y0AXA4BYzIhHpYlNr8OmrA4YiL1HvWSrhX1B8BXE Z3sJJjwYRYsL9BbTWjEJHMkqlR8er1dFrvuzGcRphsNwqOJtGzuSl1SvW0C9xuHB zHly1XWcr1ZLYdLYbHP3XIOZDMTqjWMoqKLB2/9pItOUboCy3kQsvWvywpxhhZ4= =rofn -----END PGP SIGNATURE----- --PEIAKu/WMn1b1Hv9--