Thanks for the quick response Geoff. It looks like that just disables terminal echo and uses fgets under linux (which is the platform I'm primarily interested in).
#define QUIET_FGETS fgets QUIET_FGETS ( phrase, sizeof(phrase), input); I'm still concerned that fgets/getchar/etc. may do some buffering behind the scenes. Do you think that's about as good as I'm going to get, though? On Apr 3, 12:50 pm, Geoff Beier <[email protected]> wrote: > On Sun, Apr 3, 2011 at 15:39, avejidah <[email protected]> wrote: > > Is there a way to safely read a password into a SecByteBlock from > > stdin? > > > const unsigned maxLen = 100; > > SecByteBlock password(maxLen+1); > > cin.getline(reinterpret_cast<char*>(password.BytePtr()), maxLen+1); > > > ^^ cin may do some buffering behind the scenes, correct? > > I think it does. Terminal IO details at any lower level than what you > just wrote get a bit hairy and can vary from platform to platform. > It's probably instructive to look at how NSS handles it for Linux and > Windows, though I should caveat this by saying that I haven't > scrutinized their code very carefully. > > Here's the NSS password reading > function:http://mxr.mozilla.org/security/source/security/nss/cmd/lib/secpwd.c#88 > > It should give you a good idea anyway. > > HTH, > > Geoff -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
