0xbadcafebee 8 hours ago

They could have just made it an option to enable the new behavior. There was no need to change the default.

As for security: 'shoulder surfing' may not be as much of a concern, but watching a livestream or presentation of someone who uses sudo will now expose the password length over the internet (and it's recorded for posterity, so all the hackers can find it later!). They've just introduced a new vulnerability to the remote world.

post-it 7 hours ago | parent | next [-]

Someone live streaming is well attuned to the dangers of exposing personal information on screen, and will hesitate before ever typing a password while streaming. They'll either disable this feature or open a root shell before beginning their stream.

Besides, I can just amplify their stream to hear their keypresses.

halapro 7 hours ago | parent | next [-]

This is really a non-issue; all password fields behave this way, so it's not like this is a new computer behavior. This change only aligns sudo to literally everything else.

0xbadcafebee 4 hours ago | parent | prev [-]

> Someone live streaming is well attuned to the dangers of exposing personal information

You actually believe that every person in the world who shares their screen is aware of computer security best practices? Or are we only limiting this generalization to every one of the millions of YouTube/Twitch livestreamers?

> I can just amplify their stream to hear their keypresses.

Maybe if they have Cherry MX Blues? A normal keyboard would not get picked up by modern apps' recording noise suppression (the filters are designed to eliminate the sound rather than merely lower volume).

post-it 4 hours ago | parent [-]

What I do believe is that every person in the world who arrives at a sudo prompt had previously entered a password into a field that echoed asterisks, and as such is prepared to appropriately conceal their password.

roger_ 7 hours ago | parent | prev | next [-]

Why no need to make it the default? I’m all for rethinking legacy decisions.

It helps 99% of the user base and the security risk seems negligible.

0xbadcafebee 4 hours ago | parent [-]

Rethinking would imply there was thinking going on. This decision was made on vibes alone.

LinXitoW 2 hours ago | parent | next [-]

If anything, the people clinging to this snake oil security theater are the ones running on vibes alone.

4 hours ago | parent | prev [-]
[deleted]
eapressoandcats 34 minutes ago | parent | prev | next [-]

They’d still need to have access to the device, so it shouldn’t be a problem unless other passwords are the same as your device password.

Also what demos are you doing that require sudo access to your local machine? That’s already pretty niche.

jandrese 7 hours ago | parent | prev | next [-]

I feel like livestreaming is a good example of an unusual situation where one might consider changing defaults that are otherwise good for the majority of users.

Also, I think the vulnerability of knowing that someone's password is exactly 19 characters long is low enough to be worth the tradeoff. Especially since someone on a livestream can also figure that out by listening for the keypresses.

pvillano 8 hours ago | parent | prev | next [-]

An accessibility feature helps more people if it is on by default.

zahlman 6 hours ago | parent | prev | next [-]

There was already an option for a very long time, and in fact Mint had already changed the default a long time ago (see e.g. https://forums.linuxmint.com/viewtopic.php?p=1572457).

Changing the default is the point, because people often just don't look into whether it's possible to configure things. They might not even get the idea that the asterisk feedback could be possible, or useful, until it's shown to them.

zarzavat 6 hours ago | parent | prev | next [-]

If your sudo password can be exposed by its length then you need a longer password. Hiding the length is just security theatre.

In your specific example livestreams usually have audio so the length is already public.

safetytrick 5 hours ago | parent [-]

Yes, this mattered when 6 character passwords were common.

wao0uuno 2 hours ago | parent | prev | next [-]

How is exposing length of a password a vulnerability? My HN password is 16 characters long. Go and crack it.

gnabgib 2 hours ago | parent [-]

Set it to 1-5 characters long, and let us know which you chose.

Dylan16807 an hour ago | parent | next [-]

Why?

If I pick a random 1-5 character password out of the pool of possibilities, it's very very likely to be 5 characters, and letting you know it's not 1-4 characters does pretty much nothing to help you crack it.

If I'm acting reasonably, I don't randomize the length, I pick a length long enough for the amount of security I want, and in that situation telling you the exact length reduces that security by much less than one bit.
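Dylan16807's argument above, worked through in numbers (an added example, not code from the thread). It assumes the attacker knows the alphabet size and the length range, and that the password was drawn uniformly from all strings in that range; the 95-character printable-ASCII alphabet is an assumed value.

```python
import math

# Assumed alphabet for the worked numbers: printable ASCII.
ALPHABET = 95


def search_space(alphabet, min_len, max_len):
    """Number of candidate passwords with length in [min_len, max_len]."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def entropy_bits(alphabet, min_len, max_len):
    """Bits of brute-force work when the length is NOT known."""
    return math.log2(search_space(alphabet, min_len, max_len))


def bits_lost_if_length_revealed(alphabet, min_len, max_len, revealed_len):
    """Bits of work removed once the attacker learns the exact length.

    For a fixed-length password (min_len == max_len) this is always 0:
    revealing the length tells the attacker nothing new.
    """
    return entropy_bits(alphabet, min_len, max_len) - revealed_len * math.log2(alphabet)


def expected_bits_lost(alphabet, min_len, max_len):
    """Average loss over all lengths, weighted by how likely each length is.

    Under a uniform draw almost every candidate has the maximum length, so
    the long case dominates; the result equals the Shannon entropy of the
    length distribution.
    """
    total = search_space(alphabet, min_len, max_len)
    loss = 0.0
    for n in range(min_len, max_len + 1):
        p = alphabet ** n / total  # P(length == n) under a uniform draw
        loss += p * bits_lost_if_length_revealed(alphabet, min_len, max_len, n)
    return loss


if __name__ == "__main__":
    # The 1-5 character case from the comment: unknown length vs. revealed length 5.
    print(f"unknown length 1-5: {entropy_bits(ALPHABET, 1, 5):.3f} bits")
    print(f"lost if length 5 is revealed: "
          f"{bits_lost_if_length_revealed(ALPHABET, 1, 5, 5):.3f} bits")
    print(f"expected loss over all lengths: {expected_bits_lost(ALPHABET, 1, 5):.3f} bits")
    # A fixed-length 16-character password: nothing is lost.
    print(f"fixed 16 chars: {bits_lost_if_length_revealed(ALPHABET, 16, 16, 16):.3f} bits")
```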

sethops1 2 hours ago | parent | prev [-]

You're missing the point. If knowing the length of a password is helpful in cracking it, then it's already too short to be effective.

gnabgib 2 hours ago | parent [-]

The question was:

> How is exposing length of a password a vulnerability?

You're arguing exactly the point: knowing the length of a password is helpful in cracking it. We all agree short is bad. Depending on your threat model, you (hopefully) don't use passwords as the only verification in very many places - perhaps to unlock stronger secrets (ssh keys, an account without local login that can only connect with a certificate). You'd still rather a shoulder surfer doesn't know how many characters you pressed.

boca_honey 7 hours ago | parent | prev | next [-]

This is a very specific fear for a very niche sector of the user base. sudo is the only case of a silent password I've encountered in my life and it's really uncomfortable.

bjourne 4 hours ago | parent | prev [-]

The same hackers could just listen to the key press sounds.