Bill Studenmund wrote: > getpass() should already be ok. It specifically only accepts _PASSWORD_LEN > characters (which is 128 in libc/userland). See src/sys/lib/libsa/checkpasswd.c, line 88. default: *lp++ = c; putchar('*'); There's no check at all. Roland