Finding Passwords

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Tue Oct 9 20:13:51 AEST 1990


In article <13 at tdatirv.UUCP> sarima at tdatirv.UUCP (Stanley Friesen) writes:
> In article <22024:Oct606:35:1090 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
> >In article <652 at puck.mrcu> paj at uk.co.gec-mrc (Paul Johnson) writes:
> >> If you are worried about physical line security then use encryption.
> >All that's necessary is that the concentrator and the computer accept some
> >key sequence (such as break) to unconditionally mean ``I want to talk to
> >someone I can trust, so gimme a proper prompt and shove any middlemen
> >out of the way.'' That's it.
> This does *not* deal with *physical* line security.  A *physical* *tap*
> on the line between the computer and the terminal cannot be bypassed by
> simple software means.

We're only talking about stopping trojan horses. Not about password
security. Nor about login spoofs.

It's not my fault that if someone videotapes your keyboard then he gets
your password. Can people stop changing the problem here?

Under the assumption I made---that each communications line is direct
and has some unconditional way to remove any middlemen---Trojan Horses
are stopped. There's no need for encryption to solve this problem.

---Dan



More information about the Comp.unix.internals mailing list