From f1d9dde97bb9a92bbcfb54caccead3a291788366 Mon Sep 17 00:00:00 2001
From: Alan Cox <alan@linux.intel.com>
Date: Sun, 12 Nov 2017 18:58:55 +0000
Subject: [PATCH] init: don't reveal if user exists

---
 Applications/util/init.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Applications/util/init.c b/Applications/util/init.c
index 59f49939..81055ccf 100644
--- a/Applications/util/init.c
+++ b/Applications/util/init.c
@@ -830,9 +830,10 @@ static pid_t getty(const char **argv, const char *id)
 
 				pwd = getpwnam(buf);
 
+				if (pwd == NULL || *pwd->pw_passwd)
+					p = getpass("Password: ");
 				if (pwd) {
-					if (pwd->pw_passwd[0] != '\0') {
-						p = getpass("Password: ");
+					if (*pwd->pw_passwd) {
 						salt[0] = pwd->pw_passwd[0];
 						salt[1] = pwd->pw_passwd[1];
 						salt[2] = '\0';
@@ -842,7 +843,8 @@ static pid_t getty(const char **argv, const char *id)
 					}
 					if (strcmp(pr, pwd->pw_passwd) == 0)
 						spawn_login(pwd, argv[0], id, host);
-				}
+				} else /* So you can't tell by the delay time */
+					crypt(p, "ZZ");
 
 				putstr("\nLogin incorrect\n\n");
 				signal(SIGALRM, sigalarm);
-- 
2.34.1