Readln a password

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Readln a password

Adriaan van Os-2
I wonder what the recommended way is to readln a password from console, as a standard Readln echoes
the password.

1. SetConsoleMode seems to be Windows-specific

2. On Mac OS X, a loop with a Crt.ReadKey until char(13) works in Terminal.app, but behaves strange
in the Xcode Console window (more precise, uses Crt doesn't seem to be compatible with the Xcode
Console)

3. On Mac OS X, executing '/bin/stty -echo' gives an error message 'stty: stdin isn't a terminal'
(both in Terminal.appand in the Xcode Console window)

4. I experimented with '/usr/bin/read -s -p Password:' but couldn't get it working from FPC.

Regards,

Adriaan van Os
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Zaaphod
Here is how I read passwords... it generates a random character and displays
that so someone looking over your shoulder things those characters are the
password
It uses readkey which does not display on the screen, one character at a
time

Function Readpw:String;
Var
   Pwstring : String;
   pwchar   :Char;
Begin
   Randomize;
   Pwstring:='';
   Repeat
      Pwchar:=readkey;
      If PwChar<>#13 Then
         Begin
            pwstring:=pwstring+Pwchar;
            Write(chr(Random(77)+33))
         End;
   until pwchar=#13;
   Readpw:=pwstring;
end;

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Adriaan van Os
Sent: Sunday, November 27, 2016 8:24 AM
To: FPC-Pascal users discussions <[hidden email]>
Subject: [fpc-pascal] Readln a password

I wonder what the recommended way is to readln a password from console, as a
standard Readln echoes the password.

1. SetConsoleMode seems to be Windows-specific

2. On Mac OS X, a loop with a Crt.ReadKey until char(13) works in
Terminal.app, but behaves strange in the Xcode Console window (more precise,
uses Crt doesn't seem to be compatible with the Xcode
Console)

3. On Mac OS X, executing '/bin/stty -echo' gives an error message 'stty:
stdin isn't a terminal'
(both in Terminal.appand in the Xcode Console window)

4. I experimented with '/usr/bin/read -s -p Password:' but couldn't get it
working from FPC.

Regards,

Adriaan van Os
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Zaaphod
In reply to this post by Adriaan van Os-2
I would like to mention that if you store your password in a constant like
this:
const
   password='mypassword'

then if someone edits your exe file with any text editor, your password will
be in there as text and easy to find.

I have used this method to get around this...  I store a huge string like
this:
   Emailinfo1=
'êE1669>)d2LU`j=LBK;=]=2mWX3d]jei/m*HzY:`/74F8H0,0/,.*,-0+--*/*-,*+-++,-,/7(
L36dLUB/IS9(d537A:A1j:VbipIYNV=JfB3{[_>pjuPGa5SXX`ko7}sv]/M*m[KSjR[<fdO3-Uma
4>UP.^3<T,@O)J2cWrUIXuz.d4T3vgQ\lX^HrjV:-btd:AXU:g8]FWA;[m7:}?2JQwPV]7Mj-N=1
]A3v;pc';

Then I put together a string using this like this:
Password:=emailinfo1[43]+emailinfo1[21]+emailinfo1[77]+emailinfo1[121]+email
info1[8]+emailinfo1[2]+emailinfo1[83]

Now you can't just edit the .exe file and figure out the password because
the ridiculous string blends in with all the binary stuff.

I actually to something like this but in a much more complicated way.. I
have procedures that break the characters into two nibbles then these are
randomly offset, the offset is then added to a random number then all the
information to decode this is buried in a string of 255 random characters.
I have one program to encode the crazy string and one to decode it.  It's
massively overkill as the above method is hard enough to figure out.



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Adriaan van Os
Sent: Sunday, November 27, 2016 8:24 AM
To: FPC-Pascal users discussions <[hidden email]>
Subject: [fpc-pascal] Readln a password

I wonder what the recommended way is to readln a password from console, as a
standard Readln echoes the password.

1. SetConsoleMode seems to be Windows-specific

2. On Mac OS X, a loop with a Crt.ReadKey until char(13) works in
Terminal.app, but behaves strange in the Xcode Console window (more precise,
uses Crt doesn't seem to be compatible with the Xcode
Console)

3. On Mac OS X, executing '/bin/stty -echo' gives an error message 'stty:
stdin isn't a terminal'
(both in Terminal.appand in the Xcode Console window)

4. I experimented with '/usr/bin/read -s -p Password:' but couldn't get it
working from FPC.

Regards,

Adriaan van Os
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Adriaan van Os-2
In reply to this post by Zaaphod
James Richters wrote:
> Here is how I read passwords... it generates a random character and displays
> that so someone looking over your shoulder things those characters are the
> password
> It uses readkey which does not display on the screen, one character at a
> time

Thanks for your reply, but please see note 2. of my original message.

Regards,

Adriaan van Os

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

dmitry boyarintsev
In reply to this post by Adriaan van Os-2


On Sun, Nov 27, 2016 at 8:24 AM, Adriaan van Os <[hidden email]> wrote:
I wonder what the recommended way is to readln a password from console, as a standard Readln echoes the password.

1. SetConsoleMode seems to be Windows-specific

I'd think you want something simlar on unix.
Take a look at man 4 termios
specifically at local flag named "ECHO".
you want to disable it via tcsetattr()  (TermIO unit)

thanks,
Dmitry 

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Tomas Hajny-2
In reply to this post by Adriaan van Os-2
On Sun, November 27, 2016 15:49, Adriaan van Os wrote:

> James Richters wrote:
>> Here is how I read passwords... it generates a random character and
>> displays
>> that so someone looking over your shoulder things those characters are
>> the
>> password
>> It uses readkey which does not display on the screen, one character at a
>> time
>
> Thanks for your reply, but please see note 2. of my original message.

Does the same limitation / issue apply for
Keyboard.GetKeyEvent/PollKeyEvent on Mac OS X?

Tomas


_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Adriaan van Os-2
Tomas Hajny wrote:
> Does the same limitation / issue apply for
> Keyboard.GetKeyEvent/PollKeyEvent on Mac OS X?

To a lesser extent. It doesn't write "funny characters" to the Xcode Console window as "uses CRT"
does, but still echoes typed characters. Like with "uses CRT", the problem doesn't occur in
Terminal.app.

Regards,

Adriaan van Os

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Adriaan van Os-2
In reply to this post by dmitry boyarintsev
Dmitry Boyarintsev wrote:

> I'd think you want something simlar on unix.
> Take a look at man 4 termios
> specifically at local flag named "ECHO".
> you want to disable it via tcsetattr() Â (TermIO unit)

Thanks for the hint. I haven't yet tried it, but I would expect it to fail, as stty (see stty.c in
GNU coreutils) calls tcsetattr and stty fails reporting 'stty: stdin isn't a terminal' .

Regards,

Adriaan van Os
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Adriaan van Os-2
In reply to this post by dmitry boyarintsev
> Dmitry Boyarintsev wrote:
>
>> I'd think you want something simlar on unix.
>> Take a look at man 4 termios
>> specifically at local flag named "ECHO".
>> you want to disable it via tcsetattr() Â (TermIO unit)
>
> Thanks for the hint. I haven't yet tried it, but I would expect it to fail,as stty (see stty.c in
> GNU coreutils) calls tcsetattr and stty fails reporting 'stty: stdin isn't a terminal' .

No, it was my own fault. I were executing '/bin/stty -echo' with AssignStreams and then StdIn is
indeed not a terminal, but a pipe. When I execute it normally, then stty does work, so I expect
tcsetattr to work too.

So, we can now use Readln without echoing in Terminal.app. There is still echoing to the Xcode
Console window, but let's assume that is a bug or limitation of Xcode.

Maybe something to add to the fpc runtime libs ?

Regards,

Adriaan van Os

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Michael Van Canneyt


On Sun, 27 Nov 2016, Adriaan van Os wrote:

>> Dmitry Boyarintsev wrote:
>>
>>> I'd think you want something simlar on unix.
>>> Take a look at man 4 termios
>>> specifically at local flag named "ECHO".
>>> you want to disable it via tcsetattr() Â (TermIO unit)
>>
>> Thanks for the hint. I haven't yet tried it, but I would expect it to
>> fail,as stty (see stty.c in GNU coreutils) calls tcsetattr and stty fails
>> reporting 'stty: stdin isn't a terminal' .
>
> No, it was my own fault. I were executing '/bin/stty -echo' with
> AssignStreams and then StdIn is indeed not a terminal, but a pipe. When I
> execute it normally, then stty does work, so I expect tcsetattr to work too.
>
> So, we can now use Readln without echoing in Terminal.app. There is still
> echoing to the Xcode Console window, but let's assume that is a bug or
> limitation of Xcode.
>
> Maybe something to add to the fpc runtime libs ?
If you mean in a cross-platform way, I think we would welcome patches :)

Michael.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Zaaphod
Shouldn't an extremely basic function like readkey be cross-platform?

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Michael Van
Canneyt
Sent: Sunday, November 27, 2016 12:07 PM
To: FPC-Pascal users discussions <[hidden email]>
Subject: Re: [fpc-pascal] Readln a password



On Sun, 27 Nov 2016, Adriaan van Os wrote:

>> Dmitry Boyarintsev wrote:
>>
>>> I'd think you want something simlar on unix.
>>> Take a look at man 4 termios
>>> specifically at local flag named "ECHO".
>>> you want to disable it via tcsetattr() Â (TermIO unit)
>>
>> Thanks for the hint. I haven't yet tried it, but I would expect it to
>> fail,as stty (see stty.c in GNU coreutils) calls tcsetattr and stty
>> fails reporting 'stty: stdin isn't a terminal' .
>
> No, it was my own fault. I were executing '/bin/stty -echo' with
> AssignStreams and then StdIn is indeed not a terminal, but a pipe.
> When I execute it normally, then stty does work, so I expect tcsetattr to
work too.
>
> So, we can now use Readln without echoing in Terminal.app. There is
> still echoing to the Xcode Console window, but let's assume that is a
> bug or limitation of Xcode.
>
> Maybe something to add to the fpc runtime libs ?

If you mean in a cross-platform way, I think we would welcome patches :)

Michael.

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Jonas Maebe-2
On 27/11/16 18:54, James Richters wrote:
> Shouldn't an extremely basic function like readkey be cross-platform?

It is, but the crt unit only works with (almost) fully functional
terminal windows, and not with redirected or piped input/output (as used
by Xcode).


Jonas

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

geneb
In reply to this post by Adriaan van Os-2
On Sun, 27 Nov 2016, Adriaan van Os wrote:

> I wonder what the recommended way is to readln a password from console, as a
> standard Readln echoes the password.
>
Readln is wholly unsuited to the task.  You're better off writing a
routine that gets input one character at a time.

g.

--
Proud owner of F-15C 80-0007
http://www.f15sim.com - The only one of its kind.
http://www.diy-cockpits.org/coll - Go Collimated or Go Home.
Some people collect things for a hobby.  Geeks collect hobbies.

ScarletDME - The red hot Data Management Environment
A Multi-Value database for the masses, not the classes.
http://scarlet.deltasoft.com - Get it _today_!
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Tony Whyman
In reply to this post by Michael Van Canneyt
On 27/11/16 17:07, Michael Van Canneyt wrote:
If you mean in a cross-platform way, I think we would welcome patches :)

Michael.

Today, I also came up against the problem of how to read a password from the console without echo. With a bit of googling and code bashing, I have created the following cross-platform code from a "getpassword" function.

uses ...
{$IFDEF WINDOWS} ,Windows {$ENDIF}
{$IFDEF UNIX} ,TermIO, IOStream {$ENDIF}
;

...
{$IFDEF UNIX}
function getpassword: string;
var oldattr, newattr: termios;
    stdinStream: TIOStream;
    c: char;
begin
  Result := '';
  stdinStream := TIOStream.Create(iosInput);
  try
    TCGetAttr(stdinStream.Handle, oldattr);
    newattr := oldattr;
    newattr.c_lflag := newattr.c_lflag and not (ICANON or ECHO);
    tcsetattr( stdinStream.Handle, TCSANOW, newattr );
    try
      repeat
        read(c);
        if c = #10  then break;
        write('*');
        Result += c;
      until false;
      writeln;
    finally
      tcsetattr( stdinStream.Handle, TCSANOW, oldattr );
    end;
  finally
    stdinStream.Free;
  end;
end;
{$ENDIF}
{$IFDEF WINDOWS}
function getpassword: string;
var oldmode, newmode: DWORD;
    c: char;
begin
  Result := '';
  GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), oldmode);
  newmode := oldmode - ENABLE_ECHO_INPUT - ENABLE_LINE_INPUT;
  SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE),newmode);
  try
    repeat
      read(c);
      if c = #13 then break;
      write('*');
      Result += c;
    until false;
    writeln;
  finally
    SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE),oldmode);
  end
end;
{$ENDIF}

Seems to work for me.

Tony






_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Readln a password

Bart-48
On 1/3/17, Tony Whyman <[hidden email]> wrote:

> Today, I also came up against the problem of how to read a password from
> the console without echo. With a bit of googling and code bashing, I
> have created the following cross-platform code from a "getpassword"
> function.
>
>        repeat
>          read(c);
>          if c = #10  then break;
>          write('*');
>          Result += c;
>        until false;

That does not handle BackSpace (or any other "special key") AFAICS?
Reminds me of one of my program I wrote > 2 years ago.
You could have backspace and escape in your password ;-)

I later implemented an inputfield (using crt unit and reading
key-input using BIOS routines) that behaved just like an edit control,
so it would correctly handle left, right, delete, backspace etc.

Ahh, the good old days of Turbo Pascal.
Sorry, getting a bit sentimental.

Bart
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal