Posted by akersten 20 hours ago

Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords (pbxscience.com)
304 points | 305 comments
eviks 19 hours ago
> sudo password is the same as their login password — one that already appears as visible placeholder dots on the graphical login screen. Hiding asterisks in the terminal while showing them at login is, in the developers’ estimation, security theatre.

So hide the first one as well? But also, that's not true: not all terminal passwords are for the local machine.

> Confusing — appears frozen

So make it appear flashing? Still doesn't need to reveal length

9dev 18 hours ago
This is literally never identified as an issue in any other system processing passwords. This feels like a debate by someone who once thought they had a clever idea and can’t let go despite everyone telling them it’s awful.
eviks 17 hours ago
Feels like you're talking to your own strawman re. whether hiding password length makes sense, which I specifically didn't address, only pointed out that the arguments I've quoted do not support the change.
michaelmrose 18 hours ago
Is there any reason to have this feature enabled for millions of desktop users vs. enabled by appropriately paranoid corporate IT departments?
eviks 16 hours ago
The reason is to protect the innocent, of course; they're mostly clueless about security! But I don't know the level of practical benefit of this measure. Superficially it seems to be rather low, but then (assuming silly usability issues like "appears frozen" are fixed) what's the downside?
Elhana 18 hours ago
Millions of desktop users would use empty password if they could.
mikkupikku 17 hours ago
Most of them would be well enough served by that too. It used to be normal and perfectly suitable for most home users.
Waterluvian 8 hours ago
I kind of hate typing in my password all the time. Is there a way to sacrifice some security and do something like... ask for my password but automatically input it if my phone is detected via Bluetooth? (not connected, just detected).

I don't really want to just disable passwords. I recall that causing technical pains. And this is a desktop PC in my home office and I'm just generally okay with the associated security risks.

jeroenhd 5 hours ago
Anything with PAM integration may work for you. I use the fingerprint reader in my laptop. Others use YubiKeys.

You could probably throw together a quick PAM module that scans for your phone's presence. But, aside from the security/spoofing risks, Bluetooth scanning can take half a minute even when you have the device set to be discoverable so you may be faster off typing in your password.

Alternatively, you could just disable the password prompt for sudo if you make sure to always lock your screen. Or not even that if you don't have disk encryption enabled, as anyone with malicious intent can do anything to an unencrypted laptop anyway.

post-it 8 hours ago
Mac lets you use Touch ID or your Apple Watch to authenticate sudo. I expect you could set up something custom for Linux, it seems like the type of thing AI could put together very quickly.
Gabrys1 5 hours ago
You can put your password on a YubiKey; then it's always a long press of a button away.
the8472 8 hours ago
Wire up a hardware security token as a "sufficient" PAM rule. Then it's just a tap.
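As an added example of the "sufficient PAM rule" approach described in the comment above (this is not from the thread, from sudo-rs, or from any Ubuntu package), here is what the sudo PAM stack looks like with Yubico's pam_u2f module on a Debian/Ubuntu-style PAM layout. The included stack names are the Ubuntu convention; the mapping-file path is an assumption about your install, and the rest of the file is shown only as far as the point needs:

```conf
# /etc/pam.d/sudo  (added example; assumes pam_u2f is installed, e.g. libpam-u2f)
#
# "sufficient": a successful touch of a registered token satisfies "auth" on
# its own and the remaining auth lines are skipped.  If no token is present,
# the touch times out, or the user has no entry in authfile, PAM falls through
# to the normal password stack below, so nothing is locked out by this line.
# "cue" prints a "Please touch the device" prompt instead of appearing frozen.
auth    sufficient  pam_u2f.so  authfile=/etc/u2f_mappings cue

# Distribution defaults (Ubuntu layout), unchanged:
@include common-auth
@include common-account
@include common-session-noninteractive
```

Register a token first, and keep a root shell open in another terminal while testing so a typo in the file cannot lock you out: `pamu2fcfg -u "$USER" | sudo tee -a /etc/u2f_mappings` appends a `username:keyhandle,publickey,...` line for the plugged-in key. Changing `sufficient` to `required` turns the tap into a second factor (token and password) instead of a replacement for the password. The other option raised in the thread, dropping the prompt entirely, is not a PAM change at all but a `NOPASSWD:` entry in sudoers edited with `visudo`, with the caveats about screen locking and disk encryption that jeroenhd gives above.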
wolvoleo 8 hours ago
Good!

I always thought it was annoying anyway.

stevetron 10 hours ago
So now there are a few additional steps when I install a new distribution to make certain that classic sudo is the one installed, rather than sudo-rs.

I'm sure someone thinks this is a good idea, but I do not, and nobody cares what I think. But I come from being a long-time coder who's always been a terrible typist and can't depend on "touch typing" and has to actually look at things, like the keys and the screen. And I'm handicapped by going blind in one eye, having arguments with eye doctors who say "get used to it and switch to audio books", and needing 14-point boldface fonts for everything.

sourcegrift 18 hours ago
I've been using a two-character password for the last 10 years of my 23 years of Linux usage; I log in to the console and manually start X. Guess the shame will catch up with me now.
mrweasel 17 hours ago
Love "manually start X", because I've been considering just doing that. In some weird sense it seems easier.
adrian_b 16 hours ago
You can choose the middle ground and start X in whatever file is executed by your shell at login, after checking that X is not already running and that the login has not been done remotely through SSH. Instead of using "startx" (which on a properly configured system would also start whatever desktop environment you use), you can use the start program of your desktop environment, for instance I use XFCE, whose starting program is "startxfce4".

This eliminates the need to do the start manually when you log in, but, as after a manual start, you can stop the GUI session, falling back into a console window, and then you can restart the GUI if needed.

I prefer this variant and I find it simpler than having any of the programs used for a GUI login, which have no advantage over the traditional login.

uecker 18 hours ago
Funny. But I have to say the shaming of users who have different opinions or want to make different choices (the whole point of free software) is one of the saddest developments in the free software world, such as the push for BSD replacements for GPL components, the entanglement of software components in general, or the breaking of compatibility, etc. No matter where you stand, that it is becoming harder to choose components in your system to your liking should give everybody pause. And if your argument involves the term "Boomer" because you prefer the new choice, you miss the point. Android should be a clear warning that we can lose freedoms again very quickly (if recent US politics is not already warning enough).
sourcegrift 13 hours ago
Sadly everyone wants convenience. Nobody hates MS because they are bad; they hate them because they are inconvenient. People are missing the fact that Google is exactly where MS was in the 90s and is most definitely as bad if not worse. I hate Android; sadly Linux isn't looking too good right now on mobile.

Devs are missing the point with Linux on phones. Get the point part working first lol so that people have some incentive to carry the damned thing. Apps come later.

uecker 12 hours ago
Mobile is a problem. I had a beautiful Linux phone once, the Nokia N9. It is incredibly sad knowing how the world could look.
sourcegrift 11 hours ago
* phone part
seba_dos1 10 hours ago
The phone part has been working for decades now; I know because I've been relying on it for nearly 20 years now on various devices.
uecker 7 hours ago
Is there a fully usable Linux phone nowadays?
seba_dos1 7 hours ago
Over the decades I have used Neo Freerunner, Nokia N900 and now Librem 5. All of them were fully usable, though I'll admit the first one required quite some patience (similarly to the PinePhone these days I'd say).
rich_sasha 17 hours ago
You could reproduce your UX by switching to a 0-length password.
burnt-resistor 11 hours ago
Secure keyboard tty entry interaction by the terminal should manage this rather than implement it in one app. Another advantage of this method is that such affordances can be generated or silenced locally, and it's code that can be shared when used with passwd, pinentry, etc. and sudo rather than implemented N times.
GrayHerring 8 hours ago
Stop trying to fix what is not broken. If people have issues with latency or typing then the solution is not to "bypass" it.
system2 7 hours ago
How many times I pressed backspace more than I typed because holding backspace probably didn't work... This is a good change IMHO. Laggy remote SSH sessions will be slightly better.
jbverschoor 19 hours ago
Weird argument about the login password being the same in a GUI. Because it certainly is not when logging in using a terminal locally, or SSH for that matter.
tsimionescu 19 hours ago
Either way, password lengths are exposed in virtually all scenarios except the Unix Terminal - and have caused 0 issues in practice. The default of hiding password inputs really is useless security theater, and always has been.

The crazier part is Ubuntu using a pre-1.0 software suite instead of software that has been around for decades. The switch to Rust coreutils is far too early.

hnlmorg 16 hours ago
> and have caused 0 issues in practice

Do you have some data to back that up? Because I doubt it’s literally 0. I make this point because we shouldn’t talk about absolutes when discussing security.

For example, knowing a password's length does make it easier to crack a password. So it's not strictly "security theatre".

So the real question isn't whether it has any security benefit; it's more whether the convenience is greater than the risk it introduces.

Framing it like this is important because for technical users like us on HN, we’d obviously mostly say the convenience is negligible and thus are more focused on the security aspect of the change.

But for the average Desktop Ubuntu user, that convenience aspect is more pronounced.

This is why you’re going to see people argue against this change on HN. Simply put, different people have different risk appetites.

SAI_Peregrinus 9 hours ago
Knowing password length makes it easier to crack an insecure password.

The SHA256 hash of a 6-symbol diceware password, where each symbol has its first letter capitalized and the rest lowercase, with 1! appended for compliance with misguided composition rules is 540b5417b5ecb522715fd4bb30f412912038900bd4ba949ea6130c8cb3c16012. There are 37 octets in the password. You know the length. You know the composition rules. You have an unsalted hash. It's only 77 or so bits of entropy. Get cracking, I'll wait.
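The two comments above argue about whether a leaked length matters. Here is an added worked example (not from the thread, not from sudo-rs) that puts a number on it: because the length is a function of the passphrase, the information an attacker gains from learning it is exactly the Shannon entropy of the length distribution, which the code computes by convolving a word-length histogram, and compares against the passphrase's total entropy and the cost of brute-forcing the posted unsalted SHA-256 hash. The word-length histogram is constructed for illustration, not taken from a real diceware list, and the "no separator between words" composition rule is an assumption, since the comment does not say.

```python
"""Added example (not from the thread or from sudo-rs): how many bits does an
attacker gain from learning the length of a diceware passphrase, and what
would the posted unsalted SHA-256 hash cost to brute-force?"""
import hashlib
import math
from fractions import Fraction

DICEWARE_LIST_SIZE = 7776  # 6**5 entries in a standard diceware list

# Constructed word-length histogram: letters per word -> number of such words.
# Hypothetical numbers that sum to 7776; a real list's histogram differs.
WORD_LENGTH_HIST = {2: 100, 3: 900, 4: 2200, 5: 2400, 6: 1500, 7: 500, 8: 176}

# Hash posted in the comment above (unsalted SHA-256, hex).
POSTED_HASH = "540b5417b5ecb522715fd4bb30f412912038900bd4ba949ea6130c8cb3c16012"


def passphrase_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def total_length_distribution(hist: dict, n_words: int) -> dict:
    """Exact distribution of the summed letter count of n_words random words
    (n-fold convolution of the single-word length distribution), as Fractions."""
    total = sum(hist.values())
    single = {length: Fraction(count, total) for length, count in hist.items()}
    dist = {0: Fraction(1)}
    for _ in range(n_words):
        nxt: dict = {}
        for l1, p1 in dist.items():
            for l2, p2 in single.items():
                nxt[l1 + l2] = nxt.get(l1 + l2, Fraction(0)) + p1 * p2
        dist = nxt
    return dist


def length_leak_bits(hist: dict, n_words: int) -> float:
    """Shannon entropy of the total length.  The length is a function of the
    passphrase, so H(length) equals the mutual information I(passphrase; length):
    the average number of entropy bits removed by learning the length."""
    dist = total_length_distribution(hist, n_words)
    return -sum(float(p) * math.log2(float(p)) for p in dist.values() if p)


def max_length_leak_bits(hist: dict, n_words: int) -> float:
    """Upper bound on the leak: log2 of how many distinct total lengths exist."""
    lo, hi = min(hist) * n_words, max(hist) * n_words
    return math.log2(hi - lo + 1)


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Wall-clock years to exhaust a 2**bits keyspace at the given guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def candidate(words) -> str:
    """Composition rule from the comment: capitalize each word, append '1!'.
    Joining with no separator is an assumption; the comment does not say."""
    return "".join(w.capitalize() for w in words) + "1!"


def matches_posted_hash(passphrase: str) -> bool:
    """One iteration of a cracker's inner loop against the unsalted hash."""
    return hashlib.sha256(passphrase.encode()).hexdigest() == POSTED_HASH


if __name__ == "__main__":
    n = 6
    total = passphrase_entropy_bits(DICEWARE_LIST_SIZE, n)
    leak = length_leak_bits(WORD_LENGTH_HIST, n)
    bound = max_length_leak_bits(WORD_LENGTH_HIST, n)
    print(f"{n}-word passphrase: {total:.1f} bits of entropy")
    print(f"length leak: {leak:.2f} bits (cannot exceed {bound:.2f})")
    print(f"remaining: {total - leak:.1f} bits -> "
          f"{years_to_search(total - leak, 1e10):.2e} years at 1e10 guesses/s")
    guess = candidate(["correct", "horse", "battery", "staple", "pencil", "sky"])
    print(guess, "matches posted hash:", matches_posted_hash(guess))
```

With the constructed histogram the length leaks a little under four bits against a bound of about 5.2, so a six-word passphrase drops from roughly 77.5 bits to roughly 74; at ten billion SHA-256 guesses per second that is still hundreds of thousands of years. The leak matters, as hnlmorg says, only for passwords that are already short enough to be enumerable.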

the__alchemist 8 hours ago
JCBP!