Keeping password length secret

What advantage does a brute-force attacker gain by knowing the length of the password?

Posted on Fri Aug 25 2023
2 min read

I was recently having a discussion about password inputs! Most password fields out there mask their characters, i.e. they display "********" instead of "password". However, in a project I was involved in there was a requirement to mask the input such that it would always display a static number of masked characters. I thought it would be somewhat unintuitive and questioned the benefit of it. But apparently there are also some well-known applications doing this. This made me wonder what advantage a brute-force attacker gains by knowing the length of the password.

Let $r(n, m)$ be the ratio of possible passwords you can eliminate from your search, with $n$ being the password length and $m$ being the number of valid characters. Then:

$$
\begin{align*}
r(n, m) & = \frac{\sum_{i=1}^{n-1} m^i}{m^n}\\
& = \frac{\frac{m^n - 1}{m - 1} - 1}{m^n}\\
& = \frac{m^n - m}{m^n(m - 1)}\\
& = \frac{1 - m^{1-n}}{m - 1}
\end{align*}
$$

Now, if we assume that $m, n \geq 2$ (notice that $m^{1-n}$ is decreasing in $[2, \infty) \times [2, \infty)$):

$$
\frac{1}{2(m - 1)} \leq \frac{1 - m^{1-n}}{m - 1} \leq \frac{1}{m - 1}
$$

One interesting observation here is the following: even if your password were infinitely long, an attacker would still get some benefit from knowing its length, and in that limit the benefit depends only on the number of characters that are allowed.

In practice, we can almost always assume that $m \geq 62$ (26 lower-case, 26 upper-case, 10 digit characters), which gives us the following bounds:

$$
\left[ \frac{1}{122}, \frac{1}{61} \right] \approx \left[ 0.008197, 0.016393 \right]
$$

i.e. even in the worst-case scenario, an attacker would only have approx. 1.63% fewer options to try.
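As an added worked check (not part of the original post), the following Python enumerates every shorter password over a small constructed alphabet to ground the counting argument, compares that count with the closed form for $r(n, m)$, and evaluates the bounds for the $m = 62$ case discussed above. Function names and the alphabet are my own choices.

```python
from fractions import Fraction
from itertools import product


def eliminated_ratio_bruteforce(n: int, m: int) -> Fraction:
    """Count every password of length 1..n-1 over a constructed m-character
    alphabet by actually enumerating them, then divide by m^n (the number of
    length-n passwords). Only feasible for tiny n and m, but it shows the
    formula is counting real candidates, not an abstraction."""
    alphabet = [chr(ord("a") + i) for i in range(m)]  # constructed alphabet
    shorter = sum(1 for length in range(1, n)
                  for _ in product(alphabet, repeat=length))
    return Fraction(shorter, m ** n)


def eliminated_ratio_closed(n: int, m: int) -> Fraction:
    """Closed form derived in the post: r(n, m) = (1 - m^(1-n)) / (m - 1),
    kept as an exact fraction so large n and m lose no precision."""
    return (1 - Fraction(1, m ** (n - 1))) / (m - 1)


def bounds(m: int) -> tuple[Fraction, Fraction]:
    """Lower and upper bound on r(n, m) for any n >= 2: [1/(2(m-1)), 1/(m-1)].
    The upper bound is the n -> infinity limit mentioned in the post."""
    return Fraction(1, 2 * (m - 1)), Fraction(1, m - 1)


def within_bounds(n: int, m: int) -> bool:
    """Check that the closed form for a given (n, m) respects the bounds."""
    lo, hi = bounds(m)
    return lo <= eliminated_ratio_closed(n, m) <= hi


if __name__ == "__main__":
    # Small case where enumeration is cheap: 3 characters, length 4.
    print("brute force :", eliminated_ratio_bruteforce(4, 3))
    print("closed form :", eliminated_ratio_closed(4, 3))
    # Realistic alphabet (62 characters) at a few password lengths.
    for n in (2, 8, 16):
        r = eliminated_ratio_closed(n, 62)
        print(f"n={n:2d} m=62  r={float(r):.6f}  in bounds={within_bounds(n, 62)}")
    lo, hi = bounds(62)
    print(f"bounds for m=62: [{float(lo):.6f}, {float(hi):.6f}]")
```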