Path: utzoo!attcan!uunet!wuarchive!cs.utexas.edu!csc.ti.com!ti-csl!tilde.csc.ti.com!pearl!pearl!mikep
From: mikep@dirty.csc.ti.com (Michael A. Petonic)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID:
Date: 3 Oct 90 04:34:20 GMT
References: <8685@mirsa.inria.fr>
Sender: news@pearl.dsg.ti.com (System News Administration)
Organization: Texas Instruments, Speech Mushrooms.
Lines: 26
In-Reply-To: jlf@mirsa.inria.fr's message of 2 Oct 90 13:01:44 GMT

In article <8685@mirsa.inria.fr> jlf@mirsa.inria.fr (Louis Faraut) writes:
>What about a two-ways authentication, modifying the getty program to
>oblige the computer to authenticate itself ?
>
>This could be achieved the following way, by use of a secret keyword,
>sort of secondary passwd :
>
>- CPU prompts "login:"
>- type your login name
>- CPU uncrypts your secret keyword and display it on screen .
>(Each user keeps up his own secret keyword encrypted in a personal file ;
>only the owner and root can read/modify this file )
>- CPU prompts "passwd:"
>- Now you can either type your usual passwd if the secret
>keyword was right, or do anything else possibly aborting the session .
>
>So, is there an easy way to attack this protocol ?

How about watching over someone's shoulder to observe their "secret" password.

>Sorry for bad English, I'm French, nobody is perfect :-)

Uh, no comment.

-MikeP
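
The exchange proposed in the quoted article, modelled from both sides as an added example that is not part of the original post or of any getty: it records what appears on the screen at each step and what the user does after checking the keyword. The account, keyword, password, XOR transform and SHA-256 hash are constructed stand-ins; the post names no cipher or file format.

```python
import hashlib
import hmac
from itertools import cycle

HOST_KEY = b"constructed-host-key"  # assumption: the post names no cipher or key


def xor(data: bytes, key: bytes = HOST_KEY) -> bytes:
    """Toy reversible transform standing in for the unspecified encryption."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def pw_hash(password: str) -> str:
    """SHA-256 as a stand-in for the system's password hashing."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed account: keyword stored encrypted (the "personal file"),
# password stored hashed.
USERS = {"jlf": {"keyword": xor(b"blue heron"), "pw": pw_hash("s3cret")}}


def host_keyword(users, login):
    """Host side, step 3: decrypt the stored keyword so it can be displayed."""
    rec = users.get(login)
    return xor(rec["keyword"]).decode() if rec else None


def session(users, login, expected_keyword, password, shown_keyword=None):
    """Run one login and return (outcome, screen).

    screen lists everything displayed on the terminal, in order.
    shown_keyword overrides the host's answer to model a program that is
    not the real getty and therefore cannot read the user's keyword file.
    """
    screen = ["login:"]
    shown = shown_keyword if shown_keyword is not None else host_keyword(users, login)
    # The keyword is written to the screen in clear, before any password is asked for.
    screen.append(shown or "")
    # User side: only continue if the machine proved itself with the right keyword.
    if shown != expected_keyword:
        return "user-aborted", screen
    screen.append("passwd:")
    ok = login in users and hmac.compare_digest(users[login]["pw"], pw_hash(password))
    return ("logged-in" if ok else "denied"), screen


if __name__ == "__main__":
    print(session(USERS, "jlf", "blue heron", "s3cret"))
    print(session(USERS, "jlf", "blue heron", "s3cret", shown_keyword="welcome"))
```

The second call shows the case the proposal is meant to catch: the keyword on screen is wrong, so the user stops before the password prompt.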