Password Masking Console Application

Password masking console application

Console.Write("\b \b"); will delete the asterisk character from the screen, but you do not have any code within your else block that removes the previously entered character from your pass string variable.

Here's the relevant working code that should do what you require:

var pass = string.Empty;
ConsoleKey key;
do
{
    var keyInfo = Console.ReadKey(intercept: true);
    key = keyInfo.Key;

    if (key == ConsoleKey.Backspace && pass.Length > 0)
    {
        Console.Write("\b \b");
        pass = pass[0..^1];
    }
    else if (!char.IsControl(keyInfo.KeyChar))
    {
        Console.Write("*");
        pass += keyInfo.KeyChar;
    }
} while (key != ConsoleKey.Enter);

C# Read Password from Console without showing it

You can use Console.ReadKey(true),and concatenate internally chars into a string

Securing a password input in c# dotnet core console app

Some comments:
1) First and foremost remember that security is not solved in one application. For somebody with full access to the machine there is (almost) nothing you can do to keep a password truly secure.

(Fun exercise: How would you authenticate a password without keeping the password in memory at all?)

2) SecureString only gives you more control over the lifespan of a password in memory by letting you determine when it goes away. A normal string may last a very long time in memory, even until the program exits, since it doesn't go away until garbage collection. SecureString lets you explictly wipe it, but it still exists in memory until then.

3) Using your own char array is a good idea, but I might have used a List because it allows a variable length, or maybe even a LinkedList because it spreads the characters out in memory. Shrug. Refer back to #1 and consider what kind of attacks you're protecting the password from.

Masking password input from the console : Java

A full example ?. Run this code : (NB: This example is best run in the console and not from within an IDE, since the System.console() method might return null in that case.)

import java.io.Console;
public class Main {

    public void passwordExample() {        
        Console console = System.console();
        if (console == null) {
            System.out.println("Couldn't get Console instance");
            System.exit(0);
        }

        console.printf("Testing password%n");
        char[] passwordArray = console.readPassword("Enter your secret password: ");
        console.printf("Password entered was: %s%n", new String(passwordArray));

    }

    public static void main(String[] args) {
        new Main().passwordExample();
    }
}

Mask Password Input in a Console App

Here's a working solution:

program Project2;

{$APPTYPE CONSOLE}

uses
  SysUtils, Windows;

function GetPassword(const InputMask: Char = '*'): string;
var
  OldMode: Cardinal;
  c: char;
begin
  GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), OldMode);
  SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), OldMode and not (ENABLE_LINE_INPUT or ENABLE_ECHO_INPUT));
  try
    while not Eof do
    begin
      Read(c);
      if c = #13 then // Carriage Return
        Break;
      Result := Result + c;
      if c = #8 then // Back Space
        Write(#8)
      else
        Write(InputMask);
    end;
  finally
    SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), OldMode);
  end;
end;

begin
  try
    Writeln(Format(sLineBreak + 'pswd=%s',[GetPassword]));
    Readln;
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.

Update: Note that the above code handles the BackSpaces visually, but keeps them embedded in the password, which might not be what you want.

In that case the following code would filter them out: 

  if c = #13 then // Carriage Return
    Break;
  if (c = #8) and (Length(Result) > 0) then  // Back Space
  begin
    Delete(Result, Length(Result), 1);
    Write(#8);
  end
  else
  begin
    Result := Result + c;
    Write(InputMask);
  end;

C# Console Application Password Input Checker

You have your logic the wrong way around i.e. do something then check some conditions, whereas you want to check some conditions and then do something. So the following code:

do
{
    Console.WriteLine("Invalid password enter again: ");
    password = Console.ReadLine();
} while (password != PASS1 || password != PASS2 || password != PASS3);

Should read:

while (password != PASS1 && password != PASS2 && password != PASS3)
{
    Console.WriteLine("Invalid password enter again: ");
    password = Console.ReadLine();
}

Notice that I also changed the logical ORs || to logical ANDs &&. this is because you want to check if it is not equal to all of them, not just one.

On a side note the variable Password is unused and should be removed as it can lead to typo errors to your used variable password.


Related Topics

ASP.NET MVC: How to Redirect a Non Www to Www and Vice Versa

Change Values in JSON File (Writing Files)

Find a File with a Certain Extension in Folder

Ef Code First: How to Get Random Rows

Declaration Suffix for Decimal Type

Creating an Instance Using Ninject with Additional Parameters in the Constructor

How to Restart a Wpf Application

"The Given Path's Format Is Not Supported."

How to Post Data Using Httpclient

Using Statement VS. Idisposable.Dispose()

Default Parameter for Value Must Be a Compile Time Constant

Using Layers and Bitmask with Raycast in Unity

Internet Explorer Protective Mode Setting and Zoom Levels

Convert.Changetype() Fails on Nullable Types

When the Same User Id Is Trying to Log in on Multiple Devices, How to Kill the Session on the Other Device

Good Aes Initialization Vector Practice

How to Find the Extension of a File in C#

Ef 4.1 - Code First - JSON Circular Reference Serialization Error


Leave a reply



Submit