Hacker News

Tepix today at 7:20 AM

Why not just display a single character out of a changing set of characters such as / - \ | (starting with a random one from the set) after every character entered? That way you can be certain whether or not you entered a character but an observer can't tell how many characters your password has.


Replies

drysart today at 8:08 AM

There was a software package a couple decades ago, I want to say it was Lotus Notes but I'm pretty sure it wasn't actually Lotus Notes but something of that ilk, that would show a small, random number of asterisks corresponding to each character entered. So you'd hit one key and maybe two asterisks would show up on screen. And it kept track of them so if you deleted a character, it'd remove two.

I thought that was kinda clever; it gives you feedback when your keystrokes are recognized, but it's just enough confusion to keep a shoulder surfer from easily being able to tell the length of your password unless you're hunt-and-pecking every single letter.

jandrese today at 6:01 PM

Unless of course your adversary can count. But if they can count they can also just count the number of keystrokes they hear, especially if you're recording it and they can spend time post processing the audio.
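The two feedback schemes discussed above (the spinner and the random number of asterisks per key), modelled as an added example that is not code from any commenter or from the software they mention. The class and function names are hypothetical, and advancing the spinner on backspace is an assumption. It shows that the final padded-asterisk frame hides the length, while an onlooker who counts redraws recovers it exactly.

```python
import random

SPINNER = "/-\\|"    # glyph set quoted in the thread
BACKSPACE = "\b"

class SpinnerMask:
    """One glyph on screen; it advances on every accepted key."""
    def __init__(self, rng):
        self.pos = rng.randrange(len(SPINNER))  # random starting glyph
        self.length = 0
    def key(self, ch):
        if ch == BACKSPACE:
            if self.length == 0:
                return SPINNER[self.pos]        # nothing to delete, no feedback
            self.length -= 1
        else:
            self.length += 1
        self.pos = (self.pos + 1) % len(SPINNER)  # assumption: backspace spins too
        return SPINNER[self.pos]

class PaddedStars:
    """Each key adds 1..max_stars asterisks; widths are remembered for backspace."""
    def __init__(self, rng, max_stars=3):
        self.rng, self.max_stars, self.widths = rng, max_stars, []
    def key(self, ch):
        if ch == BACKSPACE:
            if self.widths:
                self.widths.pop()               # remove exactly what that key added
        else:
            self.widths.append(self.rng.randint(1, self.max_stars))
        return "*" * sum(self.widths)

def frames(mask, keys):
    """Every screen state an onlooker could see while `keys` are typed."""
    return [mask.key(k) for k in keys]

def length_from_watching(shown):
    """Onlooker who counts redraws: growth or spin = +1, shrink = -1."""
    n, prev = 0, ""
    for f in shown:
        n += -1 if len(f) < len(prev) else (1 if f != prev else 0)
        prev = f
    return n

if __name__ == "__main__":
    typed = "hunter2" + BACKSPACE + "3"         # constructed sample input
    for mask in (SpinnerMask(random.Random()), PaddedStars(random.Random())):
        print(type(mask).__name__, length_from_watching(frames(mask, typed)))
```

With the spinner, a correction is indistinguishable from a new character, so the redraw count is only an upper bound on the length.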

gzread today at 7:23 AM

Because that's still weird and confusing to people and still serves no purpose.

g947o today at 9:33 AM

For a new Ubuntu user, that is probably more confusing than not echoing at all.

"That way you can be certain..." absolutely not.

ErroneousBosh today at 8:49 AM

Oh you mean like every time you type a password, it steps a spinner round? That solves the problem that IBM used to use for Notes where it showed "the wrong number of stars" which confused the hell out of users.

jadamson today at 7:35 AM

I don't understand your suggestion. If you're still showing one character after each character entered, what's changed?

What's the benefit of having a random character from a random set, instead of just a random character?
