logoalt Hacker News

jadamsontoday at 7:35 AM3 repliesview on HN

I don't understand your suggestion. If you're still showing one character after each character entered, what's changed?

What's the benefit of having a random character from a random set, instead of just a random character?

Replies

oneeyedpigeontoday at 7:47 AM

I think the idea is that each character overwrites the previous, so you're never showing the total length (apart from 0/1!)

show 1 reply
NiloCKtoday at 7:53 AM

There's no persistent reveal of password length after you're finished typing. It reduces the length-reveal leak from anyone who eventually sees the terminal log to people who are actively over-the-shoulder as you type it.

show 1 reply
DrawTRtoday at 7:52 AM

They mean to have a static single character on the screen and have it change with every keypress. For example, you type "a" and it shows /. You type "b" and it shows "|", etc.