Please add a way to read a password from the TTY even if stdin is not connected to the TTY

conradkleinespel / rpassword

Cross platform Rust library to read a password in the terminal (Linux, BSD, OSX, Windows, WASM).

Apache License 2.0

243 stars 38 forks source link

Please add a way to read a password from the TTY even if stdin is not connected to the TTY #23

Closed teythoon closed 6 years ago

teythoon commented 6 years ago

This allows us to echo huhu | sq encrypt --symmetric and prompt for a password.

nwalfield commented 6 years ago

Note: not having support for this introduces a potential security issue: because sq encrypt reads the password (via rpassword) and the content to encrypt from stdin, the password becomes the first line of the file!

conradkleinespel commented 6 years ago

Would you mind telling me what sq is ?

nwalfield commented 6 years ago

Of course, sorry! That is the command line interface for Sequoia, an OpenPGP implementation like gpg. Please see: https://gitlab.com/sequoia-pgp/sequoia https://sequoia-pgp.org

conradkleinespel commented 6 years ago

Oh, alright, well that makes sense then !

Feel free to add support through a PR, I'll be glad to review and merge as long as it doesn't contain breaking changes :+1:

conradkleinespel commented 6 years ago

Actually, allow me to correct that: breaking changes are OK but should be avoided if possible. I'll just bump the major version if there is a breaking change.

conradkleinespel commented 6 years ago

https://github.com/conradkdotcom/rpassword/pull/26