Bug 134954 - sys-apps/shadow: /bin/login displays plaintext password to console if process lasts unusually long
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Reported: 2006-05-30 13:16 UTC by akiskapo
Modified: 2006-06-10 05:53 UTC
Description akiskapo 2006-05-30 13:16:31 UTC
The following "bug" occurs quite often during first login (and probably beyond):

1. login prompt shows up.
2. user enters username and confirms with [Enter]
3. system gets a little load in background, while
user continues with typing his password with normal speed.
4. the first few characters of the user's password
are being displayed in plain text on /dev/console while
the rest lands in the "real" password prompt as "*".
5. user presses [Enter] again to confirm password and
receives a "login incorrect" message and is simultaneously
surprised and shocked to see part of his/her password in
plain text on the screen/console.

I asked around in #gentoo.de and it seems like many people
know this phenomenon and also it seems not to be hardware-related,
so both slow notebooks _and_ fast desktop PCs are equally
vulnerable. (First I suspected this to be a "slow-HDD" problem
only, but I got corrected by feedback on IRC.)

I don't know how to correct this bug myself, but I know, for example,
that in ncurses-based software development there is such a thing
as the "noecho()" command, which disables output to the console
even if the user keeps on typing stuff.

My suggestion is to implement such a thing that acts like ncurses noecho()
to suppress keyboard input from the user until all internal processes/threads
of /bin/login are ready to prompt (_and_ receive) the user's password.
In the (sometimes) short meantime between "login: <passwd>[Enter]" and
"password: "-prompt there should be no output to console for user interactions.

This bug sure is not *critical*, but I have the feeling that it is not
very difficult to fix it. (If you knew ANSI C, I guess :D ).

It sure won't help on getting "login incorrect" messages if you really
challenge the login prompt by too quick typing, but at least the
_precious_ user passwd won't be displayed in plain text on screen
or even sent all over the inet via telnet & co. in the worst case.

Bye.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-05-30 13:33:33 UTC
Setting to auditing for confirmation
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-05-30 13:49:45 UTC
So the bug is that if a user types in their password when login hasn't prompted for it, the password can be seen on the console? I'm marking this as invalid, as if login hasn't prompted for it, you shouldn't type it in, so PEBKAC; we can't protect users who type in their password indiscriminately from themselves.
Comment 3 SpanKY gentoo-dev 2006-06-10 05:53:37 UTC
a ton of applications "suffer" from this "bug"

you could do the same thing with ssh for example
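
The ordering the reporter asks for, as an added example that is not part of this bug thread and is not sys-apps/shadow code: echo is switched off with termios before the prompt is written, and `TCSAFLUSH` discards any type-ahead so it is never read as the password. It cannot hide characters the kernel already echoed before the program ran, which is the window the comments above describe; the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Disable echo on tty_fd and discard input typed before this call.
 * TCSAFLUSH drops unread input, so type-ahead is never read as the
 * password. Returns 0 on success, -1 if tty_fd is not a terminal. */
int echo_off_discard_typeahead(int tty_fd, struct termios *saved)
{
    struct termios t;
    if (tcgetattr(tty_fd, saved) != 0)
        return -1;
    t = *saved;
    t.c_lflag &= ~(tcflag_t)ECHO;
    return tcsetattr(tty_fd, TCSAFLUSH, &t) == 0 ? 0 : -1;
}

/* Put the saved terminal settings back. */
int restore_tty(int tty_fd, const struct termios *saved)
{
    return tcsetattr(tty_fd, TCSAFLUSH, saved) == 0 ? 0 : -1;
}

/* 1 if echo is on, 0 if off, -1 if tty_fd is not a terminal. */
int echo_is_on(int tty_fd)
{
    struct termios t;
    if (tcgetattr(tty_fd, &t) != 0)
        return -1;
    return (t.c_lflag & ECHO) ? 1 : 0;
}

int main(void)
{
    char secret[128];
    struct termios saved;
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0 || echo_off_discard_typeahead(fd, &saved) != 0)
        return 1;                       /* no terminal to prompt on */
    /* Prompt only after echo is already off. */
    if (write(fd, "Password: ", 10) != 10) { restore_tty(fd, &saved); return 1; }
    ssize_t n = read(fd, secret, sizeof secret - 1);
    restore_tty(fd, &saved);
    if (write(fd, "\n", 1) != 1 || n < 0) return 1;
    memset(secret, 0, sizeof secret);   /* demo only: discard what was read */
    close(fd);
    return 0;
}
```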