Kotlin Console Password

The Console object has a readPassword() method that disables echoing and allows a user to enter a password blindly. The password is returned as a character array. Here is an example of how to use the Console class to request a password from the user.

import java.io.Console

fun main(args : Array<String>){
    //Best to declare Console as a nullable type since System.console() may return null
    val console : Console? = System.console()

    when (console){
        //In this case, the JVM is not connected to the console so we need to exit
        null -> {
            println("Not connected to console. Exiting")
            System.exit(-1)
        }
        //Otherwise we can proceed normally
        else -> {
            val userName = console.readLine("Enter your user name => ")
            val pw = console.readPassword("Enter your password => ")

            println("Access Granted for $userName")

            //This is important! We don't know when the character array
            //will get garbage collected and we don't want it to sit around
            //in memory holding the password. We can't control when the array
            //gets garbage collected, but we can overwrite the password with
            //blank spaces so that it doesn't hold the password.
            for (i in 0 until pw.size){
                pw[i] = ' '
            }
        }
    }
}

We begin by getting a reference to the console. Since there is a possibility that System.console() can return null, it’s a best practice to declare console as a nullable type so that we have Kotlin compiler safety. After getting a reference to the console, we can use the when() function to react to the null case or continue with the program.

The call to readPassword (line 16) isn’t very dramatic. The program uses the overloaded version to prompt the user for a password and return the password as a character array. In terms of security, it’s important to never hold a password as a String. That’s why the readPassword() method returns a character array.

Strings are immutable. That means we can never change the value of the String. Furthermore, we never know when the JVM will garbage collect an object. Those two facts make for dangerous circumstances because a String holding a password can sit in memory for an unknown amount of time. Should someone break past the security constraints of the JVM and gain access to the program’s memory, there is the potential they could steal a password.

Character arrays also get garbage collected at unknown times. The difference between the character array and a String is that we can overwrite each element in the array. The example program demonstrates this on lines 25-27 by overwriting each element of the pw array with a blank space. Should someone break into the program’s memory, all they will see is a character array of empty spaces. The operation of converting a password character array to empty spaces should be completed as soon as password validation is finished.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s