alt Hacker NewsThis decision long predates Linux. It's been a staple back to the earliest days of Unix; and it isn't a weird decision if you take into consideration of multi user systems in office environments that have non trivial security considerations (for example telecoms companies), which is exactly where Unix came from.
Well, if leaking the length of the password is such a big deal, why not just use a reasonably long password?
Moreover, if someone can see the number of asterisks on the screen, what prevents them from seeing the actual keys that are being pressed?