Finding Passwords
Lynn Kerby
lfk at key.key.com
Sat Sep 29 08:43:40 AEST 1990
In article <1990Sep26.215430.10523 at csense.uucp> bote at csense.uucp (John Boteler) writes:
> cgy at cs.brown.edu (Curtis Yarvin) claimed:
> >You should be able to prevent this. SunOS (and thus likely BSD as well,
> >though I don't know) make the first login prompt "<hostname> login:", and
> >switch to plain "login:" if an incorrect password is entered. This disables
> >login trojans by making them unconcealable.
>
> Yes, you're right.
>
> No programmer in the world could possibly defeat this.
Actually it should be pretty trivial to defeat, login will accept the
user name in argv[1], so the user would never see the difference.
Perhaps I missed something in the previous discussion....
--
Lynn Kerby, Amdahl Corporation: lfk at key.amdahl.com or {...}amdahl!key!lfk
<<<<---------------------------- DISCLAIMER ---------------------------->>>>
<<<< Any and all opinions expressed herein are my own. My >>>>
<<<< employer doesn't pay me for my opinion! >>>>
More information about the Comp.unix.internals
mailing list