[Python-ideas] Password masking for getpass.getpass

Jonathan Slenders jonathan at slenders.be
Wed Jan 13 06:00:06 EST 2016


FYI:

prompt_toolkit can prompt for password input:
https://github.com/jonathanslenders/python-prompt-toolkit/blob/master/examples/get-password.py
https://github.com/jonathanslenders/python-prompt-toolkit/blob/master/examples/get-password-with-toggle-display-shortcut.py

It displays as asterisks and keeps all readline-like navigation.
The second is an example of password input where Ctrl-T toggles between
asterisks and all visible.

Feedback is welcome (create an issue), but this probably will never become
part of core Python.

Jonathan


2016-01-13 11:36 GMT+01:00 M.-A. Lemburg <mal at egenix.com>:

>
>
> On 13.01.2016 04:07, Ethan Furman wrote:
> > On 01/12/2016 06:45 PM, Oleg Broytman wrote:
> >> On Wed, Jan 13, 2016 at 01:22:02PM +1100, Chris Angelico wrote:
> >>> On Wed, Jan 13, 2016 at 1:17 PM, Oleg Broytman wrote:
> >>>> On Wed, Jan 13, 2016 at 12:54:14PM +1100, Steven D'Aprano wrote:
> >
> >>>>> The old convention on Linux and Unix is to just suppress all feedback,
> >>>>> but even on Linux GUI applications normally show bullets or asterisks.
> >>>>
> >>>>     Modern GUIs show the real character for a short period of time and
> >>>> then replace it with an asterisk.
> >>>
> >>> Ugh. I've only seen that on mobile devices, not on any desktop GUI,
> >>
> >>     On desktop (Windows) I saw a password entry with a checkbox to switch
> >> between real characters and asterisks.
> >
> > While that can be handy, it is not the same as displaying each character as it is typed and then
> > covering it with something else.  I agree with ChrisA and hope that never becomes the convention on
> > non-mobile devices.
>
> At least in Windows GUIs, the password field only provides a
> very thin layer to obfuscate the underlying password text:
>
> http://www.nirsoft.net/utils/bullets_password_view.html
>
> More secure systems always show 8 bullets regardless of how
> many characters the password actually has and only provide
> limited feedback when hitting a key without allowing to
> see the number of chars in the password.
>
> Not showing anything is certainly more secure than any other
> method of providing user feedback, so I agree that we should
> not make this the default.
>
> --
> Marc-Andre Lemburg
> eGenix.com
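The three feedback styles discussed in this thread (no echo, one mask character per key, and a constant-width mask) compared by what an onlooker can read off the screen. This is an added example, not code from either post, from getpass or from prompt_toolkit; it models key presses as a string instead of reading a real terminal, and `read_masked`, `render`, `widest_mask` and the sample input are hypothetical names and constructed data.

```python
# Added example: echo policies for a password prompt, modelled without a TTY.
BACKSPACE = {"\x7f", "\b"}
ENTER = {"\r", "\n"}
FIXED_WIDTH = 8  # "always show 8 bullets", as in the quoted reply


def render(policy, length):
    """Return the on-screen text for a buffer holding `length` characters."""
    if policy == "none":      # no feedback at all (the getpass.getpass default)
        return ""
    if policy == "stars":     # one mask character per typed character
        return "*" * length
    if policy == "fixed":     # same mask whatever the length, blank when empty
        return "*" * FIXED_WIDTH if length else ""
    raise ValueError(f"unknown policy: {policy!r}")


def read_masked(keys, policy):
    """Consume key presses until Enter; return (password, frames).

    frames holds the screen text after every key press, i.e. everything a
    shoulder-surfer or a screen recording could observe.
    """
    buf, frames = [], []
    for key in keys:
        if key in ENTER:
            break
        if key in BACKSPACE:
            if buf:
                buf.pop()
        elif key.isprintable():
            buf.append(key)
        frames.append(render(policy, len(buf)))
    return "".join(buf), frames


def widest_mask(frames):
    """Longest mask ever displayed; under "stars" this is a length hint."""
    return max((len(frame) for frame in frames), default=0)


if __name__ == "__main__":
    typed = "s3cret\x7fT\r"   # constructed input: a typo fixed with backspace
    for policy in ("none", "stars", "fixed"):
        password, frames = read_masked(typed, policy)
        print(f"{policy:5} screen={frames[-1]!r} widest={widest_mask(frames)}")
```

Under `"stars"` the widest frame equals the password length, while `"fixed"` shows the same frame for any non-empty input and `"none"` shows nothing.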