HN
Today

Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords

Ubuntu 26.04 is changing the sudo password prompt to echo asterisks, ending a 46-year tradition of silence and sparking a heated debate. This seemingly minor UX update, driven by a sudo-rs rewrite in Rust, pits modern usability against long-held security tenets. Hacker News users are passionately weighing in on whether this is an overdue improvement or an unnecessary security concession, highlighting the perennial tension between convenience and tradition in the Linux world.

97
Score
101
Comments
#3
Highest Rank
6h
on Front Page
First Seen
Mar 21, 7:00 AM
Last Seen
Mar 21, 7:00 PM
Rank Over Time
3163091010

The Lowdown

Ubuntu 26.04 is set to introduce a notable change to the sudo password prompt, displaying asterisks instead of remaining silent as users type. This update marks the end of a nearly five-decade-old Unix tradition and has ignited a vigorous debate within the Linux community regarding security versus user experience.

  • Historical Context: The original sudo utility, created in 1980, deliberately hid password input to guard against 'shoulder surfing' in environments with shared terminals.
  • Catalyst for Change: The shift is driven by sudo-rs, a Rust-based rewrite of the classic C sudo. Its pwfeedback option, which enables visual feedback, was merged upstream and subsequently adopted by Canonical for Ubuntu 26.04.
  • Security Arguments: Proponents of the change argue that the security benefit of concealing password length is negligible, especially as graphical login screens already show feedback. They contend that anyone close enough to count asterisks can likely observe keystrokes directly. Critics, however, maintain that exposing password length, however minor, is a security regression.
  • User Experience Focus: Developers emphasize that the blank prompt is confusing for new users, making it unclear if their input is being registered. This change aims to improve the new-user experience.
  • Revert Option: Users who prefer the traditional silent prompt can easily revert the change by adding Defaults !pwfeedback to their sudoers file using visudo.
  • Broader Modernization: The sudo-rs integration is part of a larger modernization effort in Ubuntu 26.04, which also includes a move to Wayland, Linux kernel 7.0, and other Rust-based core utilities.

The adoption of asterisk feedback in sudo signifies Ubuntu's prioritization of modern usability and consistency with graphical interfaces, even if it challenges a long-standing Unix security practice. While the debate continues, the developers have provided a clear path for users to retain the classic behavior if desired.

The Gossip

User Experience Uplift

Many users enthusiastically welcome the change, arguing that the silent `sudo` prompt was a confusing and frustrating UX quirk, especially for newcomers to Linux or when typing passwords over high-latency SSH connections. They contend that the security benefits of hiding password length are minimal and vastly outweighed by the usability improvements. The developer behind the `sudo-rs` change highlighted that rewriting core utilities in Rust makes it easier to address such long-standing UX issues without facing the resistance often encountered with legacy C projects.

Security Scrutiny & Shoulder Surfing

While many commenters agree that the security impact of revealing password length is low, some express discomfort, arguing it still constitutes a minor security regression for specific threat models like shoulder surfing or automated brute-force attempts. The discussion delves into whether the traditional silent prompt was truly effective security or merely 'security theater,' especially given that other authentication methods (like graphical logins) already provide visual feedback. Some also note that modern security risks include audio recording of keystrokes or screen sharing, making the visual aspect of password length less critical.

Creative Character Conundrums

A significant portion of the debate focused on proposing and critiquing alternative methods for providing user feedback during password entry without explicitly revealing the password's length. Suggestions included displaying a single, rotating character (like a spinner) for each keystroke, using braille patterns, or showing a random number of asterisks (reminiscent of older systems like Lotus Notes). However, many of these alternatives were criticized for potentially still revealing length implicitly, being overly confusing to users, or requiring complex implementation with questionable benefit.

Ubuntu's Philosophical Direction

The `sudo` change prompted broader philosophical discussions about Ubuntu's development choices and the state of core Linux utilities. Some critics questioned Ubuntu's decisions, pointing to alternative authentication mechanisms like `run0` (from systemd) and Polkit as potentially more modern solutions. Others lamented that core code like `sudo` can become a 'living fossil,' resistant to change for decades. Conversely, some commenters defended Ubuntu's historical role in popularizing Linux desktops and servers, arguing that their willingness to make user-centric changes, even if controversial, has been key to their success.