sudo-rs Changes Default Password Feedback Behavior

In recent builds of Ubuntu 26.04, when prompted for the password by sudo, the system now displays asterisks (*) while typing. This change marks a break from established practice, where sudo provided no visual feedback for security reasons.

Reasons for the Change

The main motivation behind this change is to improve the user experience. Showing visual feedback, even minimal, can reassure the user that the input is actually being received by the system. However, it is important to note that this change may have security implications, as it reveals the length of the password to anyone watching the screen.

Security Considerations

Traditionally, the lack of password feedback in sudo was a security measure aimed at preventing the disclosure of password length to external observers or screen capture software. The decision by sudo-rs to change this behavior highlights a trade-off between usability and security, a choice that may generate debate among system administrators and security experts.