all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* better than read-hide-char
@ 2018-07-31  2:25 Richard Stallman
  2018-07-31  7:18 ` Andreas Schwab
                   ` (3 more replies)
  0 siblings, 4 replies; 16+ messages in thread
From: Richard Stallman @ 2018-07-31  2:25 UTC (permalink / raw)
  To: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

How about a feature whereby instead of ******************* or .............
the password echoes as 012345678901234567890123456789...
That way, you could tell how many characters you have successfully typed
even when they are 20, 30, 40, 50, 60 or 70 characters.
That would help people notice some mistakes in long passwords.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31  2:25 better than read-hide-char Richard Stallman
@ 2018-07-31  7:18 ` Andreas Schwab
  2018-07-31 15:08   ` Drew Adams
  2018-08-01  4:31   ` Richard Stallman
  2018-07-31  9:25 ` Simon Leinen
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 16+ messages in thread
From: Andreas Schwab @ 2018-07-31  7:18 UTC (permalink / raw)
  To: Richard Stallman; +Cc: emacs-devel

On Jul 30 2018, Richard Stallman <rms@gnu.org> wrote:

> How about a feature whereby instead of ******************* or .............
> the password echoes as 012345678901234567890123456789...
> That way, you could tell how many characters you have successfully typed
> even when they are 20, 30, 40, 50, 60 or 70 characters.
> That would help people notice some mistakes in long passwords.

Another feature would be to temporarily unhide the input.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31  2:25 better than read-hide-char Richard Stallman
  2018-07-31  7:18 ` Andreas Schwab
@ 2018-07-31  9:25 ` Simon Leinen
  2018-07-31 13:47 ` Stefan Monnier
  2018-07-31 16:10 ` Clément Pit-Claudel
  3 siblings, 0 replies; 16+ messages in thread
From: Simon Leinen @ 2018-07-31  9:25 UTC (permalink / raw)
  To: rms; +Cc: Emacs developers

[-- Attachment #1: Type: text/plain, Size: 576 bytes --]

>
> How about a feature whereby instead of ******************* or .............
> the password echoes as 012345678901234567890123456789...

That way, you could tell how many characters you have successfully typed
> even when they are 20, 30, 40, 50, 60 or 70 characters.
> That would help people notice some mistakes in long passwords.
>

I would appreciate such a feature, or anything that tells me in real time
how many characters of password I have typed. Whether you start counting
from 0 or from 1 is a matter of preference. Maybe that should be
customizable.
-- 
Simon.

[-- Attachment #2: Type: text/html, Size: 911 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31  2:25 better than read-hide-char Richard Stallman
  2018-07-31  7:18 ` Andreas Schwab
  2018-07-31  9:25 ` Simon Leinen
@ 2018-07-31 13:47 ` Stefan Monnier
  2018-08-01  4:29   ` Richard Stallman
                     ` (2 more replies)
  2018-07-31 16:10 ` Clément Pit-Claudel
  3 siblings, 3 replies; 16+ messages in thread
From: Stefan Monnier @ 2018-07-31 13:47 UTC (permalink / raw)
  To: emacs-devel

> the password echoes as 012345678901234567890123456789...
> That way, you could tell how many characters you have successfully typed
> even when they are 20, 30, 40, 50, 60 or 70 characters.
> That would help people notice some mistakes in long passwords.

Sure.  Another option would be the patch below.
BTW, for those who like to have their password sanity-checked locally
before they press RET, it even displays some kind of short hash ;-)


        Stefan


PS: Adding a command to temporarily reveal the password is also a small
matter of programming.


diff --git a/lisp/subr.el b/lisp/subr.el
index 5b38c4d42e..d93b97a7c4 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2452,11 +2452,19 @@
               (message "Password not repeated accurately; please start over")
               (sit-for 1))))
         success)
-    (let ((hide-chars-fun
+    (let* (ol
+           (hide-chars-fun
            (lambda (beg end _len)
              (clear-this-command-keys)
              (setq beg (min end (max (minibuffer-prompt-end)
                                      beg)))
+              (move-overlay ol (point-max) (point-max))
+              (let ((len (- (point-max) (minibuffer-prompt-end)))
+                    (hash (md5 (minibuffer-contents-no-properties))))
+                (overlay-put ol 'after-string
+                             (if (> len 1)
+                                 (format "  [%d chars, #%s]"
+                                         len (substring hash 0 4)))))
              (dotimes (i (- end beg))
                (put-text-property (+ i beg) (+ 1 i beg)
                                   'display (string (or read-hide-char ?.))))))
@@ -2471,6 +2479,7 @@ read-passwd
             (use-local-map read-passwd-map)
             (setq-local inhibit-modification-hooks nil) ;bug#15501.
 	    (setq-local show-paren-mode nil)		;bug#16091.
+            (setq ol (make-overlay (point-max) (point-max) nil t t))
             (add-hook 'after-change-functions hide-chars-fun nil 'local))
         (unwind-protect
             (let ((enable-recursive-minibuffers t)




^ permalink raw reply related	[flat|nested] 16+ messages in thread

* RE: better than read-hide-char
  2018-07-31  7:18 ` Andreas Schwab
@ 2018-07-31 15:08   ` Drew Adams
  2018-07-31 15:15     ` Andreas Schwab
  2018-08-01  4:31   ` Richard Stallman
  1 sibling, 1 reply; 16+ messages in thread
From: Drew Adams @ 2018-07-31 15:08 UTC (permalink / raw)
  To: Andreas Schwab, Richard Stallman; +Cc: emacs-devel

> > How about a feature whereby instead of ******************* or .............
> > the password echoes as 012345678901234567890123456789...
> > That way, you could tell how many characters you have successfully typed
> > even when they are 20, 30, 40, 50, 60 or 70 characters.
> > That would help people notice some mistakes in long passwords.

Sounds good to me. But maybe can see a downside?

> Another feature would be to temporarily unhide the input.

A user deserves feedback for whether a key actually was depressed sufficiently, i.e., whether Emacs received it. That's the reason for showing *** or ....



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31 15:08   ` Drew Adams
@ 2018-07-31 15:15     ` Andreas Schwab
  2018-07-31 15:41       ` Drew Adams
  0 siblings, 1 reply; 16+ messages in thread
From: Andreas Schwab @ 2018-07-31 15:15 UTC (permalink / raw)
  To: Drew Adams; +Cc: Richard Stallman, emacs-devel

On Jul 31 2018, Drew Adams <drew.adams@oracle.com> wrote:

>> Another feature would be to temporarily unhide the input.
>
> A user deserves feedback for whether a key actually was depressed sufficiently, i.e., whether Emacs received it. That's the reason for showing *** or ....

But that hides the input, so if you want to verify it it needs to be
unhidden.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."



^ permalink raw reply	[flat|nested] 16+ messages in thread

* RE: better than read-hide-char
  2018-07-31 15:15     ` Andreas Schwab
@ 2018-07-31 15:41       ` Drew Adams
  0 siblings, 0 replies; 16+ messages in thread
From: Drew Adams @ 2018-07-31 15:41 UTC (permalink / raw)
  To: Andreas Schwab; +Cc: Richard Stallman, emacs-devel

> >> Another feature would be to temporarily unhide the input.
> > A user deserves feedback for whether a key actually was depressed
> 
> But that hides the input, so if you want to verify it it needs to be unhidden.

Sorry. I misread what you wrote. I thought you said "hide", not "unhide".
I thought you meant just not provide any feedback. Sorry for the noise.



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31  2:25 better than read-hide-char Richard Stallman
                   ` (2 preceding siblings ...)
  2018-07-31 13:47 ` Stefan Monnier
@ 2018-07-31 16:10 ` Clément Pit-Claudel
  2018-07-31 20:17   ` Stefan Monnier
  3 siblings, 1 reply; 16+ messages in thread
From: Clément Pit-Claudel @ 2018-07-31 16:10 UTC (permalink / raw)
  To: emacs-devel

On 2018-07-30 22:25, Richard Stallman wrote:
> How about a feature whereby instead of ******************* or .............
> the password echoes as 012345678901234567890123456789...
> That way, you could tell how many characters you have successfully typed
> even when they are 20, 30, 40, 50, 60 or 70 characters.
> That would help people notice some mistakes in long passwords.

This sounds like a good idea, but I think it'd be even better to put that information in the modeline of the window above the minibuffer, rather than in the minibuffer itself. Something like this, partly copied from eldoc:

(progn
  (defvar passwd-mode-line nil)
  (put 'passwd-mode-line 'risky-local-variable t)

  (minibuffer-with-setup-hook
      (lambda ()
        (add-hook 'minibuffer-exit-hook (lambda () (setq passwd-mode-line nil)) nil t)
        (let ((prefix-len (buffer-size)))
          (with-current-buffer
              (window-buffer
               (or (window-in-direction 'above (minibuffer-window))
	           (minibuffer-selected-window)
	           (get-largest-window)))
            (when mode-line-format
              (unless (and (listp mode-line-format)
		           (assq 'passwd-mode-line mode-line-format))
	        (setq mode-line-format
	              `("" (passwd-mode-line passwd-mode-line) ,mode-line-format))))
            (setq passwd-mode-line
                  (concat (make-string (1+ prefix-len) ?\s)
                          "0123456789012345678901234567890"))
            (force-mode-line-update))))
    (read-passwd "Test: ")))

Clément.



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31 16:10 ` Clément Pit-Claudel
@ 2018-07-31 20:17   ` Stefan Monnier
  2018-08-01 14:59     ` Clément Pit-Claudel
  0 siblings, 1 reply; 16+ messages in thread
From: Stefan Monnier @ 2018-07-31 20:17 UTC (permalink / raw)
  To: emacs-devel

> This sounds like a good idea, but I think it'd be even better to put
> that information in the modeline of the window above the minibuffer,
> rather than in the minibuffer itself.

My minibuffer lives in its own frame, with no obvious "window above".

[ At startup, there is no modeline at all.  Admittedly, by the time
  read-passwd gets called, there will probably be some frame displaying
  a window with modeline somewhere, but the point is that there's no
  clear modeline attached to the minibuffer, in general.  ]


        Stefan




^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31 13:47 ` Stefan Monnier
@ 2018-08-01  4:29   ` Richard Stallman
  2018-08-01 15:48   ` Davis Herring
  2019-03-02 21:58   ` Juri Linkov
  2 siblings, 0 replies; 16+ messages in thread
From: Richard Stallman @ 2018-08-01  4:29 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

I correct my previous suggestion.  To make the echoed numbers
match the last digit of the length thus far, they should start with 1.

I like your idea too.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31  7:18 ` Andreas Schwab
  2018-07-31 15:08   ` Drew Adams
@ 2018-08-01  4:31   ` Richard Stallman
  1 sibling, 0 replies; 16+ messages in thread
From: Richard Stallman @ 2018-08-01  4:31 UTC (permalink / raw)
  To: Andreas Schwab; +Cc: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Another feature would be to temporarily unhide the input.

This would be useful, if it happens only when you type a command
to make it happen.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31 20:17   ` Stefan Monnier
@ 2018-08-01 14:59     ` Clément Pit-Claudel
  2018-08-01 15:21       ` Stefan Monnier
  0 siblings, 1 reply; 16+ messages in thread
From: Clément Pit-Claudel @ 2018-08-01 14:59 UTC (permalink / raw)
  To: emacs-devel

On 2018-07-31 16:17, Stefan Monnier wrote:
>> This sounds like a good idea, but I think it'd be even better to put
>> that information in the modeline of the window above the minibuffer,
>> rather than in the minibuffer itself.
> 
> My minibuffer lives in its own frame, with no obvious "window above".
> 
> [ At startup, there is no modeline at all.  Admittedly, by the time
>   read-passwd gets called, there will probably be some frame displaying
>   a window with modeline somewhere, but the point is that there's no
>   clear modeline attached to the minibuffer, in general.  ]

Sure, but we don't necessarily need it to work in all cases.
How does eldoc do in your case?

Clément.



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-08-01 14:59     ` Clément Pit-Claudel
@ 2018-08-01 15:21       ` Stefan Monnier
  0 siblings, 0 replies; 16+ messages in thread
From: Stefan Monnier @ 2018-08-01 15:21 UTC (permalink / raw)
  To: emacs-devel

> How does eldoc do in your case?

Poorly, but bearable.


        Stefan




^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31 13:47 ` Stefan Monnier
  2018-08-01  4:29   ` Richard Stallman
@ 2018-08-01 15:48   ` Davis Herring
  2018-08-01 16:15     ` Stefan Monnier
  2019-03-02 21:58   ` Juri Linkov
  2 siblings, 1 reply; 16+ messages in thread
From: Davis Herring @ 2018-08-01 15:48 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: Emacs development discussions

> Sure.  Another option would be the patch below.
> BTW, for those who like to have their password sanity-checked locally
> before they press RET, it even displays some kind of short hash ;-)

Doesn't displaying even 16 bits of any hash of each prefix of the 
password leak those prefixes, each guided by the last?

Here is a lookup table based on the first 12 bits of the MD5 hash of 
each ASCII printing character:

01a #
021 X
03c s
0bc %
0cc a
0d6 C
0fb ]
167 6
21c Z
251 h
26b +
28d \
2db l
336 -
338 *
359 '
363 j
3a3 E
415 y
43e =
44c P
45c 9
4a8 c
4b4 r
4c6 U
4c7 ~
505 .
518 @
520 V
524 <
57c Y
5db S
61e W
666 /
696 M
6cf &
6f8 m
721
769 q
7b7 u
7b8 n
7e6 ^
7fc A
800 F
815 [
827 d
833 `
838 p
84c (
853 :
865 i
8ce k
8d9 N
8f1 7
8fa f
903 !
92e b
937 )
9d5 B
9dd x
9e3 v
9ee ;
a5f K
a87 4
b14 _
b15 "
b2f g
b99 |
b9e T
c0c ,
c1d H
c3e $
c4c 1
c81 2
c9f 8
cbb }
ced >
cfc 0
d14 ?
d20 L
d95 o
dd7 I
dfc G
e16 e
e1e R
e35 t
e4d 5
ecc 3
f09 Q
f12 w
f18 O
f62 D
f95 {
fba z
ff4 J

And, supposing the first hash is c3e... (i.e., the first character is 
$), here's the next table:

033 $2
06d $1
099 $3
0b3 $J
0bf $(
0d5 $e
0f5 $O
115 $@
134 $T
141 $[
172 $4
19c $'
1d0 $%
1dc $|
20c $S
20f $d
213 $=
24d $l
2a0 $p
2a1 $Q
2fb $, or $H
30b $t
359 $.
36a $y
36b $/
39a $Y
3cb $s
3e3 $c
3e4 $D
459 $+
474 $X
481 $-
4f3 $7
52d $a
588 $$
601 $h
620 ${
6b5 $P
6b6 $f
6bf $Z
6c0 $`
71e $C
798 $F
7a4 $I
7d4 $R
7dc $~
867 $K
86c $8
870 $5
872 $x
884 $!
89f $M
926 $>
934 $L
953 $z
993 $:
a09 $k
a0f $&
a16 $i
a3d $v
a7b $j
aa7 $r
ae9 $o
b05 $]
b3e $6
b89 $A or $?
bea $"
c4a $u
c6a $*
c6e $
d0a $0
d38 $U
d3f $w
d72 $9
da3 $b
dd9 $W
de8 $B
e19 $#
e25 $N
e31 $^
e33 $G
e4a $n
e4d $E
e6e $\
e77 $V
eb6 $q
edc $_
f08 $;
f46 $g
f52 $m
f78 $<
fa1 $}
fc0 $)

The two collisions are resolved by the remaining 4 bits displayed by 
that patch.

Davis

-- 
This product is sold by volume, not by mass.  If it appears too dense or 
too sparse, it is because mass-energy conversion has occurred during 
shipping.



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-08-01 15:48   ` Davis Herring
@ 2018-08-01 16:15     ` Stefan Monnier
  0 siblings, 0 replies; 16+ messages in thread
From: Stefan Monnier @ 2018-08-01 16:15 UTC (permalink / raw)
  To: emacs-devel

> Doesn't displaying even 16 bits of any hash of each prefix of the password
> leak those prefixes, each guided by the last?

No doubt.  IOW it's probably a bad idea.


        Stefan




^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: better than read-hide-char
  2018-07-31 13:47 ` Stefan Monnier
  2018-08-01  4:29   ` Richard Stallman
  2018-08-01 15:48   ` Davis Herring
@ 2019-03-02 21:58   ` Juri Linkov
  2 siblings, 0 replies; 16+ messages in thread
From: Juri Linkov @ 2019-03-02 21:58 UTC (permalink / raw)
  To: emacs-devel

> PS: Adding a command to temporarily reveal the password is also a small
> matter of programming.
>
> diff --git a/lisp/subr.el b/lisp/subr.el
> index 5b38c4d42e..d93b97a7c4 100644
> --- a/lisp/subr.el
> +++ b/lisp/subr.el
> @@ -2452,11 +2452,19 @@
>                (message "Password not repeated accurately; please start over")
>                (sit-for 1))))
>          success)
> -    (let ((hide-chars-fun
> +    (let* (ol
> +           (hide-chars-fun

Maybe hide-chars-fun should be customizable?  This would allow adding
an option to temporarily reveal the password instead of patching the
implementation like:

diff --git a/lisp/subr.el b/lisp/subr.el
index 5b0330745f..14bd601e71 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2320,6 +2320,11 @@ read-passwd-map
     map)
   "Keymap used while reading passwords.")
 
+(defcustom read-passwd-hide-delay 0.3
+  "Time delay before hiding typed password chars."
+  :type 'number
+  :group 'display)
+
 (defun read-passwd (prompt &optional confirm default)
   "Read a password, prompting with PROMPT, and return it.
 If optional CONFIRM is non-nil, read the password twice to make sure.
@@ -2346,12 +2351,20 @@ read-passwd
         success)
     (let ((hide-chars-fun
            (lambda (beg end _len)
-             (clear-this-command-keys)
-             (setq beg (min end (max (minibuffer-prompt-end)
-                                     beg)))
-             (dotimes (i (- end beg))
-               (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
+             (let ((minibuf (current-buffer)))
+               (run-with-timer
+                read-passwd-hide-delay
+                nil
+                (lambda ()
+                  (clear-this-command-keys)
+                  (when (buffer-live-p minibuf)
+                    (with-current-buffer minibuf
+                      (setq beg (min end (max (minibuffer-prompt-end) beg)))
+                      (setq end (min end (point-max)))
+                      (dotimes (i (- end beg))
+                        (put-text-property (+ i beg) (+ 1 i beg)
+                                           'display (string (or read-hide-char ?*))
+                                           minibuf)))))))))
           minibuf)
       (minibuffer-with-setup-hook
           (lambda ()


OTOH, another useful option would be the opposite: to increase security
when necessary and obscure the number of typed characters:

diff --git a/lisp/subr.el b/lisp/subr.el
index 5c8b84b8e9..194f019ba7 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2357,7 +2357,8 @@ read-passwd
                                      beg)))
              (dotimes (i (- end beg))
                (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
+                                  'display (make-string (1+ (random 3))
+                                                        (or read-hide-char ?*))))))
           minibuf)
       (minibuffer-with-setup-hook
           (lambda ()




^ permalink raw reply related	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2019-03-02 21:58 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-31  2:25 better than read-hide-char Richard Stallman
2018-07-31  7:18 ` Andreas Schwab
2018-07-31 15:08   ` Drew Adams
2018-07-31 15:15     ` Andreas Schwab
2018-07-31 15:41       ` Drew Adams
2018-08-01  4:31   ` Richard Stallman
2018-07-31  9:25 ` Simon Leinen
2018-07-31 13:47 ` Stefan Monnier
2018-08-01  4:29   ` Richard Stallman
2018-08-01 15:48   ` Davis Herring
2018-08-01 16:15     ` Stefan Monnier
2019-03-02 21:58   ` Juri Linkov
2018-07-31 16:10 ` Clément Pit-Claudel
2018-07-31 20:17   ` Stefan Monnier
2018-08-01 14:59     ` Clément Pit-Claudel
2018-08-01 15:21       ` Stefan Monnier

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.