Finding Passwords
Michael A. Petonic
mikep at dirty.csc.ti.com
Wed Oct 3 14:34:20 AEST 1990
In article <8685 at mirsa.inria.fr> jlf at mirsa.inria.fr (Louis Faraut) writes:
>What about a two-ways authentication, modifying the getty program to
>oblige the computer to authenticate itself ?
>
>This could be achieved the following way, by use of a secret keyword,
>sort of secondary passwd :
>
>- CPU prompts "login:"
>- type your login name
>- CPU uncrypts your secret keyword and display it on screen .
>(Each user keeps up his own secret keyword encrypted in a personal file ;
>only the owner and root can read/modify this file )
>- CPU prompts "passwd:"
>- Now you can either type your usual passwd if the secret
>keyword was right, or do anything else possibly aborting the session .
>
>So, is there an easy way to attack this protocol ?
How about watching over someone's shoulder to observe their
"secret" password.
>Sorry for bad English, I'm French, nobody is perfect :-)
Uh, no comment.
-MikeP
More information about the Comp.unix.internals
mailing list