Hiding Keyboard Input From the Screen

Submitted by Bryce on Tue, 03/02/2010 - 00:21

For my current job I'm in charge of writing a script that requires a person to input their password and me being the semi-security conscious individual that I am knew that regular input for a script like this would be bad, as that would allow for over the shoulder (literally) view of someone's password. This is just unacceptable.

To solve this problem I hit the internets for a way to hide user input in Perl script. And in my travels I came across this old PERL FAQ site. I decided to try out the code and update it, throw it into a little dummy script. This is what I got (minus the dummy script):

sub get_password
{
  print "enter your password: ";
  system("stty -echo");
  chop(my $password=<>);
  print "\n";
  system("stty echo");
 
  return $password;
}

Saved it, ran it, and Holy Missing Characters Batman, it worked. So just as a mental exercise, I wanted to see if I could get it to emulate the password request when you run sudo, and I wrote this up in Python (because I need the practice):

#!/usr/bin/python
 
import os
import getpass
 
def get_password():
    #print "Please enter your password:"
    os.system("stty -echo")
    password = raw_input( getpass.getuser() + "'s password")
    os.system("stty echo")
    print "\n"
 
    return password
 
def main():
    local_password = get_password()
    print local_password
 
main()

And again... it worked. Of course I finally realized that the reason why it worked is because of the line "stty -echo". Taking that I typed it into a standard terminal and after hitting enter the results were the same. My terminal functioned normally, but without showing me the characters I was typing. After returning my terminal back to normal I decided to read a little more about stty. After digging through the man page for a little while I came across this argument which is an alias for echo:
[-]crterase echo erase characters as backspace-space-backspace

Thus the reason why I couldn't see anything change is because my terminal is treating all characters I type on the screen as a three part sequence of non alphanumeric characters. Although I find this a little odd; I have to just go with the words of Bugs Bunny on this one, “I don't ask questions. I just have fun.”


	#1Submitted by OJ (not verified) on Tue, 03/02/2010 - 02:56. Quick question .. so what's the solution that works cross-platform? ;) reply


	#2Submitted by Bryce on Tue, 03/02/2010 - 22:46. That is a good question.... At the moment I don't know, but I think I might try and figure it out. reply

Post new comment

Subscribe to my RSS feed

icon provided by FastIcon.com

Recent Thoughts (a.k.a Tweets)


	"If They Can Burn It, We Can Read It." A UCC Minister's Response to Burning the Qur'an.: http://t.co/VITFBpr — 1 day 20 hours ago

New Content: Project Euler: Problem 6 http://tinyurl.com/2ct43kw #computer #blogs — 2 weeks 1 day ago
@mimzer do not miss a late night trip to whiffies for get proper spelling for a deep fried hand pie. Totally worth it! — 3 weeks 37 min ago
My Twifficiency score is 32%. Whats yours? http://twifficiency.com/ — 3 weeks 1 day ago
#Oracle should be kissing #Google's feet for putting a dying language on life support, not suing them. http://tinyurl.com/38yo2b9 — 3 weeks 5 days ago
@TheColonial I think it is. That is of course if the runtime doesn't have an truly open license. — 3 weeks 5 days ago

Tags in Catagories

Mollom Project Euler Linux PERL Personal Flash Tutorial Gentoo HowTo Python Haskell Mysql Twitter Pop Quiz

more tags

ScrollingText