Path: utzoo!attcan!uunet!mcsun!ukc!pyrltd!root44!hrc63!mrcu!paj
From: paj@mrcu (Paul Johnson)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <651@puck.mrcu>
Date: 5 Oct 90 08:55:13 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu>
Reply-To: paj@uk.co.gec-mrc (Paul Johnson)
Organization: GEC-Marconi Research Centre, Great Baddow, UK
Lines: 51
Summary:
Expires:
Sender:
Followup-To:

>In article <8685@mirsa.inria.fr> jlf@mirsa.inria.fr (Jean-Louis Faraut) writes:
>> What about a two-way authentication, modifying the getty program to
>> oblige the computer to authenticate itself?
>
>Fails. As I've said before, you can't reliably *avoid* a Trojan Horse
>unless you can reliably *detect* a Trojan Horse. If you don't have a
>trusted path, the intruder can masquerade as you, forwarding enough of
>the responses you supply to authenticate itself and then taking control
>of your account.
>

No it does not. What M. Faraut originally wrote was:

> - CPU prompts "login:"
> - type your login name
> - CPU decrypts your secret keyword and displays it on screen.
>   (Each user keeps up his own secret keyword encrypted in a personal file;
>   only the owner and root can read/modify this file.)
> - CPU prompts "passwd:"
> - Now you can either type your usual passwd if the secret
>   keyword was right, or do anything else, possibly aborting the session.

You do not type your password until the computer has given you your
secret keyword. The only problem with this is that someone might be
looking over your shoulder. There are ways around this, but they start
getting too complicated for humans to use: for example the user could
challenge the computer with one of a range of keywords to which the
computer would have to respond with a corresponding word (e.g.
donald-duck, micky-mouse, brian-kernighan).

Computer: Login:
User: paj
C: Your challenge:
U: [no echo] micky
C: My response is "mouse".
   Your password:
U: [no echo] secret
C: paj logged in at....

This will prevent problems with someone looking over your shoulder on
one occasion, but if they can watch you repeatedly then it starts
becoming easier.

A plain trojan could not make the correct response: all it could
collect would be the user's challenge. It would not be able to make the
response (unless the villain had managed to deduce the list by
prolonged observation) and hence would fail.

Paul.
--
Paul Johnson                               UUCP: !mcvax!ukc!gec-mrc!paj
--------------------------------!-------------------------|-------------------
GEC-Marconi Research is not     | Telex: 995016 GECRES G  | Tel: +44 245 73331
responsible for my opinions.    | Inet: paj@uk.co.gec-mrc | Fax: +44 245 75244
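A simulation of the challenge-response login dialogue described in the post above, added here as an illustration and not part of the original thread or any getty implementation: a genuine host that holds the user's challenge table is contrasted with a fake login program that does not, and the user side refuses to type the password unless the host answers the challenge correctly. The user name, challenge table, salt and password are constructed sample values.

```python
"""Mutual-authentication login as described in the post: the user challenges
the host before typing a password. Two hosts share the prompt sequence; only
the genuine one can answer. All data below is constructed for the example."""
import hashlib
import hmac

# Constructed per-user challenge table (the keyword pairs the host must know).
CHALLENGES = {"paj": {"donald": "duck", "micky": "mouse", "brian": "kernighan"}}
# Constructed password store: salted hash, so the host never holds plaintext.
SALT = b"constructed-salt"
PASSWORD_HASHES = {"paj": hashlib.sha256(SALT + b"secret").digest()}


class GenuineHost:
    """The real login program: answers from the per-user table."""

    def respond(self, user, challenge):
        return CHALLENGES.get(user, {}).get(challenge)

    def check_password(self, user, password):
        digest = hashlib.sha256(SALT + password.encode()).digest()
        return hmac.compare_digest(digest, PASSWORD_HASHES.get(user, b""))


class FakeLoginHost:
    """A plain trojan: sees only what the user types and has no table,
    so it can at best record the challenge and guess at the response."""

    def __init__(self):
        self.captured = []

    def respond(self, user, challenge):
        self.captured.append(("challenge", challenge))
        return "<unknown>"

    def check_password(self, user, password):
        self.captured.append(("password", password))
        return True


def login(host, user, challenge, expected_response, password):
    """User side of the dialogue. Returns 'aborted' when the host fails the
    challenge (the password is never sent), otherwise the host's verdict."""
    if host.respond(user, challenge) != expected_response:
        return "aborted"
    return "logged in" if host.check_password(user, password) else "rejected"


def captured_passwords(host):
    """What a fake host managed to collect from one session (for checking)."""
    return [value for kind, value in host.captured if kind == "password"]
```

Against the genuine host the session completes; against the fake host it ends at the challenge step, and the fake host's capture list holds only the challenge word, matching the post's argument that a plain trojan collects nothing but the user's challenge.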