Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords

https://infosec.pub/post/43804561

Comments

Cool. I like it.
I always thought this was a security feature. Guessing a password that you don’t know the length of is a lot harder.
That is the reason for it. But I think people are finally admitting the scenarios where it actually helps security are exceedingly rare.

“Security is theoretically worse since password lengths are exposed to people watching your screen, but this is an infinitesimal benefit far outweighed by the UX issue.”

— SUDO-RS UPSTREAM COMMIT MESSAGE, ENABLING PWFEEDBACK BY DEFAULT

Do people actually struggle with this, UX-wise? I find that I mistype my password just as often whether or not it is silent or asterisks.

I have many times accidentally pressed a single key and then had to start over because I had no feedback to confirm it’s only one accidental key press.
I also hold the backspace for a (relatively) stupid long amount of time when I do know I made a typo because of no feedback on that either. Lol
Yep. I either do that or Ctrl-C and run the command again. I think many of those will be avoidable with feedback.
Ctrl-U clears the line.
The first time I came across a sudo prompt I thought it didn't work. Yes. I think it's bad for newcomers.
Ha. Didn’t even think of that. It definitely used to be a more common pattern.
Ah. They removed a security feature. What a joy.
If a malicious actor being able to see your terminal is part of your threat model, then remove pwfeedback from the sudoers file.