jakibaki
commented
5 years ago The password will still have be transferred through telnet so "hiding" the chars wouldn't make any difference in transfer-security.
Open fennectech opened 5 years ago
jakibaki
commented
5 years ago The password will still have be transferred through telnet so "hiding" the chars wouldn't make any difference in transfer-security.
Cesura
commented
5 years ago There are some 3 byte telnet character codes that essentially say "echo" or "no echo," provided the client is willing to listen. I'll look into using those to address the "over the shoulder" concern. Transporting in plaintext really is the bigger weakness though, as @jakibaki pointed out.
fennectech
commented
5 years ago Yeah.
I recomend not displaying the charicters when the user enters their password Its usually done to foil shoulder surfers but with telnet its like making your lock out of paper.