all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Juri Linkov <juri@linkov.net>
To: emacs-devel@gnu.org
Subject: Re: better than read-hide-char
Date: Sat, 02 Mar 2019 23:58:11 +0200	[thread overview]
Message-ID: <87va11vszw.fsf@mail.linkov.net> (raw)
In-Reply-To: <jwv7elbo7d8.fsf-monnier+gmane.emacs.devel@gnu.org> (Stefan Monnier's message of "Tue, 31 Jul 2018 09:47:56 -0400")

> PS: Adding a command to temporarily reveal the password is also a small
> matter of programming.
>
> diff --git a/lisp/subr.el b/lisp/subr.el
> index 5b38c4d42e..d93b97a7c4 100644
> --- a/lisp/subr.el
> +++ b/lisp/subr.el
> @@ -2452,11 +2452,19 @@
>                (message "Password not repeated accurately; please start over")
>                (sit-for 1))))
>          success)
> -    (let ((hide-chars-fun
> +    (let* (ol
> +           (hide-chars-fun

Maybe hide-chars-fun should be customizable?  This would allow adding
an option to temporarily reveal the password instead of patching the
implementation like:

diff --git a/lisp/subr.el b/lisp/subr.el
index 5b0330745f..14bd601e71 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2320,6 +2320,11 @@ read-passwd-map
     map)
   "Keymap used while reading passwords.")
 
+(defcustom read-passwd-hide-delay 0.3
+  "Time delay before hiding typed password chars."
+  :type 'number
+  :group 'display)
+
 (defun read-passwd (prompt &optional confirm default)
   "Read a password, prompting with PROMPT, and return it.
 If optional CONFIRM is non-nil, read the password twice to make sure.
@@ -2346,12 +2351,20 @@ read-passwd
         success)
     (let ((hide-chars-fun
            (lambda (beg end _len)
-             (clear-this-command-keys)
-             (setq beg (min end (max (minibuffer-prompt-end)
-                                     beg)))
-             (dotimes (i (- end beg))
-               (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
+             (let ((minibuf (current-buffer)))
+               (run-with-timer
+                read-passwd-hide-delay
+                nil
+                (lambda ()
+                  (clear-this-command-keys)
+                  (when (buffer-live-p minibuf)
+                    (with-current-buffer minibuf
+                      (setq beg (min end (max (minibuffer-prompt-end) beg)))
+                      (setq end (min end (point-max)))
+                      (dotimes (i (- end beg))
+                        (put-text-property (+ i beg) (+ 1 i beg)
+                                           'display (string (or read-hide-char ?*))
+                                           minibuf)))))))))
           minibuf)
       (minibuffer-with-setup-hook
           (lambda ()


OTOH, another useful option would be the opposite: to increase security
when necessary and obscure the number of typed characters:

diff --git a/lisp/subr.el b/lisp/subr.el
index 5c8b84b8e9..194f019ba7 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2357,7 +2357,8 @@ read-passwd
                                      beg)))
              (dotimes (i (- end beg))
                (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
+                                  'display (make-string (1+ (random 3))
+                                                        (or read-hide-char ?*))))))
           minibuf)
       (minibuffer-with-setup-hook
           (lambda ()




  parent reply	other threads:[~2019-03-02 21:58 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-31  2:25 better than read-hide-char Richard Stallman
2018-07-31  7:18 ` Andreas Schwab
2018-07-31 15:08   ` Drew Adams
2018-07-31 15:15     ` Andreas Schwab
2018-07-31 15:41       ` Drew Adams
2018-08-01  4:31   ` Richard Stallman
2018-07-31  9:25 ` Simon Leinen
2018-07-31 13:47 ` Stefan Monnier
2018-08-01  4:29   ` Richard Stallman
2018-08-01 15:48   ` Davis Herring
2018-08-01 16:15     ` Stefan Monnier
2019-03-02 21:58   ` Juri Linkov [this message]
2018-07-31 16:10 ` Clément Pit-Claudel
2018-07-31 20:17   ` Stefan Monnier
2018-08-01 14:59     ` Clément Pit-Claudel
2018-08-01 15:21       ` Stefan Monnier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87va11vszw.fsf@mail.linkov.net \
    --to=juri@linkov.net \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.