Comment 52 for bug 194472

As a server admin for a number of Linux/UNIX hosts, I would advise that sudo is left as-is and the notification at login is updated as suggested by the original submitter of the bug. Showing the length of a password at the sudo prompt makes it significantly easier to perform a brute force attack on the password as the hacker now knows to brute force with the correct length without any trial and error required.