Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!decwrl!bacchus.pa.dec.com!decuac!hussar.dco.dec.com!mjr
From: mjr@hussar.dco.dec.com (Marcus J. Ranum)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <1990Oct5.171944.22571@decuac.dec.com>
Date: 5 Oct 90 17:19:44 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu> <651@puck.mrcu>
Sender: news@decuac.dec.com (Network News)
Reply-To: mjr@hussar.dco.dec.com (Marcus J. Ranum)
Organization: Digital Equipment Corp., Ultrix Resource Center
Lines: 14

In article <651@puck.mrcu> paj@uk.co.gec-mrc (Paul Johnson) writes:

[challenge/password scheme deleted]

>This will prevent problems with someone looking over your shoulder on
>one occasion, but if they can watch you repeatedly then it starts
>becoming easier.

	Actually, all it takes is once, if the watcher has a decent
video camera and a vcr with decent slow-motion. Spiffy computer rooms
with big glass windows are especially good targets, if the operator's
console is visible.

mjr.