I think the idea is that each character overwrites the previous, so you're never showing the total length (apart from 0/1!)
replyAh, and the characters are supposed to be an ASCII spinner.
replyI think if I was new to Linux that would confuse the life out of me :)
There's no persistent reveal of password length after you're finished typing. It reduces the length-reveal leak from anyone who eventually sees the terminal log to people who are actively over-the-shoulder as you type it.
replyIf you can see 1 char from set of 4 you know the number of characters modulo 4. If the minimum length of a password is 6, and probably it is no longer than 12 characters, then you can narrow the length to 1 or 2 numbers. It is marginally better than asterisks of course, of course, but it is still confusing.
replyThey mean to have a static single character on the screen and have it change with every keypress. For example, you type "a" and it shows /. You type "b" and it shows "|", etc.
reply