Reading a keystroke w/o echo
David Brooks
dbrooks at penge.osf.org
Tue May 28 14:11:22 AEST 1991
Note headers: stage 1 of moving this to an appropriate group.
In article <91147.164007TGREENIN at ESOC.BITNET> TGREENIN at ESOC.BITNET writes:
>[re silly ways of obscuring passwords when you can't turn off echo]
>
>Sorry, this just won't work with Teletypes. What you should do is
>
>1. Get the user to check noone is looking.
>2. Accept the password and wind the carriage back one line
> (if appropriate).
>3. Output a carriage return [:r] followed by sufficient characters
> e.g. '*'s to cover the password.
>4. Return step 3, using different characters ('#','@','%' etc.)
> until the password is totally obliterated, the paper has a hole
> worn in it etc. (this can be quite tedious on a 110 baud TTY).
>
>Seriously, folks, this approach was used...on a
>CDC Cyber system I used to program on at the University of Manchester
>in the early 80's.
Grrmph. Hardly what *I* would call secure. The timesharing system at
Cambridge University (late 60's) accepted your username then typed:
******** <return> SSSSSSSS <return> HHHHHHHH <return>
and THEN you entered the password. Most effective, especially if the
password contained only S's and H's.
I may have the S's and the H's a about f.
> Mind you, I can't figure how to solve it for using
>punched cards as an input medium.
Use a non-verifying punch to begin with. Patch your OS so that it diverts
the appropriate cards into the alternate output hopper. Keep a small fire
burning in that hopper. Works for me.
>Tim Greening-Jackson
>E.S.O.C., 6100 Darmstadt, (What used to be West) Germany.
They moved it?
--
David Brooks dbrooks at osf.org
Systems Engineering, OSF uunet!osf.org!dbrooks
More information about the Comp.lang.c
mailing list