Re: better than read-hide-char

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: better than read-hide-char

From:	Juri Linkov
Subject:	Re: better than read-hide-char
Date:	Sat, 02 Mar 2019 23:58:11 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (x86_64-pc-linux-gnu)

> PS: Adding a command to temporarily reveal the password is also a small
> matter of programming.
>
> diff --git a/lisp/subr.el b/lisp/subr.el
> index 5b38c4d42e..d93b97a7c4 100644
> --- a/lisp/subr.el
> +++ b/lisp/subr.el
> @@ -2452,11 +2452,19 @@
>                (message "Password not repeated accurately; please start over")
>                (sit-for 1))))
>          success)
> -    (let ((hide-chars-fun
> +    (let* (ol
> +           (hide-chars-fun

Maybe hide-chars-fun should be customizable?  This would allow adding
an option to temporarily reveal the password instead of patching the
implementation like:

diff --git a/lisp/subr.el b/lisp/subr.el
index 5b0330745f..14bd601e71 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2320,6 +2320,11 @@ read-passwd-map
     map)
   "Keymap used while reading passwords.")
 
+(defcustom read-passwd-hide-delay 0.3
+  "Time delay before hiding typed password chars."
+  :type 'number
+  :group 'display)
+
 (defun read-passwd (prompt &optional confirm default)
   "Read a password, prompting with PROMPT, and return it.
 If optional CONFIRM is non-nil, read the password twice to make sure.
@@ -2346,12 +2351,20 @@ read-passwd
         success)
     (let ((hide-chars-fun
            (lambda (beg end _len)
-             (clear-this-command-keys)
-             (setq beg (min end (max (minibuffer-prompt-end)
-                                     beg)))
-             (dotimes (i (- end beg))
-               (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
+             (let ((minibuf (current-buffer)))
+               (run-with-timer
+                read-passwd-hide-delay
+                nil
+                (lambda ()
+                  (clear-this-command-keys)
+                  (when (buffer-live-p minibuf)
+                    (with-current-buffer minibuf
+                      (setq beg (min end (max (minibuffer-prompt-end) beg)))
+                      (setq end (min end (point-max)))
+                      (dotimes (i (- end beg))
+                        (put-text-property (+ i beg) (+ 1 i beg)
+                                           'display (string (or read-hide-char 
?*))
+                                           minibuf)))))))))
           minibuf)
       (minibuffer-with-setup-hook
           (lambda ()


OTOH, another useful option would be the opposite: to increase security
when necessary and obscure the number of typed characters:

diff --git a/lisp/subr.el b/lisp/subr.el
index 5c8b84b8e9..194f019ba7 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -2357,7 +2357,8 @@ read-passwd
                                      beg)))
              (dotimes (i (- end beg))
                (put-text-property (+ i beg) (+ 1 i beg)
-                                  'display (string (or read-hide-char ?*))))))
+                                  'display (make-string (1+ (random 3))
+                                                        (or read-hide-char 
?*))))))
           minibuf)
       (minibuffer-with-setup-hook
           (lambda ()

[Prev in Thread]

Current Thread

[Next in Thread]

Re: better than read-hide-char, Juri Linkov <=

Prev by Date: Re: [ELPA] New package proposal: visual-path-abbrev.el
Next by Date: RE: master 57d2f24: * lisp/frame.el (make-frame-on-monitor): New command. (Bug#34516)
Previous by thread: Grabbing all events in a frame (with xelb?)
Next by thread: Re: [Emacs-diffs] master 284f635: memory_full_cons_threshold is a constant
Index(es):
- Date
- Thread