8.7. Prompting for a Password

Problem

You need to prompt an interactive user for a password.

Solution

On Unix systems, you can use the standard C runtime function getpass( ) if you can accept limiting passwords to _PASSWORD_LEN, which is typically defined to be 128 characters. If you want to read longer passwords, you can use the function described later in this recipe (Section 8.7.3).

On Windows, you can use the standard EDIT control with ES_PASSWORD specified as a style flag to mask the characters typed by a user.

Discussion

In the following subsections we’ll look at several different approaches to prompting for passwords.

Prompting for a password on Unix using getpass( ) or readpassphrase( )

The standard C runtime function getpass( ) is the most portable way to obtain a password from a user interactively. Unfortunately, it does have several limitations that you may find unacceptable. The first is that only up to _PASSWORD_LEN (typically 128) characters may be entered; any characters after that are simply discarded. The second is that the password is stored in a statically defined buffer, so it is not thread-safe, but ordinarily this is not much of a problem because there is fundamentally no way to read from the terminal in a thread-safe manner anyway.

The getpass( ) function has the following signature:

#include <sys/types.h>
#include <unistd.h>

char *getpass(const char *prompt);

The text passed as the function’s only argument is displayed on the terminal, terminal echo is disabled, and input ...
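The following is an added example, not code from the Cookbook: a termios-based replacement for getpass( ) in the spirit of readpassphrase( ). It reads from the controlling terminal with echo disabled into a caller-supplied buffer of any size (so the _PASSWORD_LEN limit does not apply), refuses a password that would not fit rather than silently truncating it, always restores the terminal settings, blocks SIGINT/SIGTSTP/SIGTERM during entry so an interrupted read cannot leave echo off, and scrubs the buffer on failure. The function names (read_password_line, prompt_password, scrub) and the 512-byte buffer size are this example's own choices; the code assumes a POSIX system with /dev/tty and termios.

```c
/* Added example: a getpass()-style prompt without the _PASSWORD_LEN limit.
   Assumes POSIX termios and a /dev/tty controlling terminal. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <termios.h>
#include <unistd.h>

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
   writes as "dead stores" the way it may with a plain memset() on a buffer
   that is never read again. */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read one line from 'in' into buf (bufsz bytes), dropping the newline.
   Returns the password length, or -1 on EOF with no input, on a stream
   error, or if the password does not fit.  On every failure the buffer is
   zeroed and, when the line was too long, the rest of it is consumed so a
   retry starts at the next line instead of the tail of the rejected one. */
static ssize_t read_password_line(FILE *in, char *buf, size_t bufsz)
{
    size_t n = 0;
    int c;

    if (bufsz == 0)
        return -1;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 >= bufsz) {                  /* no room for c plus NUL */
            while ((c = fgetc(in)) != EOF && c != '\n')
                ;
            scrub(buf, bufsz);
            return -1;
        }
        buf[n++] = (char)c;
    }
    if (c == EOF && (n == 0 || ferror(in))) {
        scrub(buf, bufsz);
        return -1;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Prompt on the controlling terminal with echo disabled, as getpass() does,
   into a caller-supplied buffer.  Returns 0 on success, -1 on failure
   (buffer zeroed).  Terminal settings and the signal mask are restored on
   every path. */
int prompt_password(const char *prompt, char *buf, size_t bufsz)
{
    int fd = open("/dev/tty", O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -1;
    FILE *tty = fdopen(fd, "r+");
    if (tty == NULL) {
        close(fd);
        return -1;
    }

    struct termios saved, noecho;
    int have_termios = (tcgetattr(fd, &saved) == 0);
    if (have_termios) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)(ECHO | ECHOE | ECHOK);
        noecho.c_lflag |= ECHONL;               /* still echo the newline */
        tcsetattr(fd, TCSAFLUSH, &noecho);
    }

    /* Hold interrupt and job-control signals until echo is back on; a
       pending SIGINT is delivered after the restore, not before it. */
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    sigaddset(&block, SIGTSTP);
    sigaddset(&block, SIGTERM);
    sigprocmask(SIG_BLOCK, &block, &old);

    fputs(prompt, tty);
    fflush(tty);
    ssize_t len = read_password_line(tty, buf, bufsz);

    if (have_termios)
        tcsetattr(fd, TCSAFLUSH, &saved);
    sigprocmask(SIG_SETMASK, &old, NULL);
    fclose(tty);                                /* also closes fd */
    return len < 0 ? -1 : 0;
}

int main(void)
{
    char pw[512];                               /* larger than _PASSWORD_LEN */
    if (prompt_password("Password: ", pw, sizeof pw) != 0) {
        fputs("could not read password\n", stderr);
        return 1;
    }
    printf("read %zu characters\n", strlen(pw));
    scrub(pw, sizeof pw);                        /* scrub once it is used */
    return 0;
}
```

Because the terminal handling is separated from the line reading, read_password_line can be exercised on an in-memory stream (fmemopen) to check the overflow and EOF behaviour without a terminal; prompt_password itself needs a real /dev/tty. The buffer is cleared when the caller is done with it, which is the same reason the Cookbook warns about secrets lingering in memory.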
