Cesura / nxsh

BusyBox-like remote shell for the Nintendo Switch over telnet [UNMAINTAINED]
BSD 3-Clause "New" or "Revised" License
80 stars 8 forks source link

Feature Request: Don't display characters when entering the password #4

Open fennectech opened 6 years ago

fennectech commented 6 years ago

I recomend not displaying the charicters when the user enters their password Its usually done to foil shoulder surfers but with telnet its like making your lock out of paper.

jakibaki commented 6 years ago

The password will still have be transferred through telnet so "hiding" the chars wouldn't make any difference in transfer-security.

Cesura commented 6 years ago

There are some 3 byte telnet character codes that essentially say "echo" or "no echo," provided the client is willing to listen. I'll look into using those to address the "over the shoulder" concern. Transporting in plaintext really is the bigger weakness though, as @jakibaki pointed out.

fennectech commented 6 years ago

Yeah.