pinentry-curses should be able to avoid showing *s when user enters passphrase
Open, NormalPublic


(see also

One convention i've seen in a few places is that if the first key pressed is a backspace, passphrase entry stops echoingn masking characters (perhaps replaced with a [no echo] field instead of *.

that way, users who don't like having ******* reveal that their password is only 7 characters long can just hit backspace first.