What should the password/security/userinfo/login system include?
Dan Bernstein
brnstnd at stealth.acf.nyu.edu
Tue Dec 12 06:32:50 AEST 1989
In article <1236 at ispi.UUCP> jbayer at ispi.UUCP (Jonathan Bayer) writes:
> les at chinet.chi.il.us (Leslie Mikesell) writes:
> >I want logging of *all* keystrokes during a failing attempt at logging
> >in (more to allow me to help with the problem, but it would also
> >help detect intruders).
My login program does this; it even records the times between keystrokes.
It runs in raw mode at the moment, though I'm considering switching back
to cbreak. (Why does this imply that login and getty/telnetd need to be
combined?)
> This is not a good idea. If someone unauthorized sees this log file
> they would have a fairly good idea of some of the passwords on the
> system.
All password characters (except backspace and newline) are replaced by x.
The information loss does not outweigh the security gain.
---Dan