Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!wuarchive!uunet!tdatirv!sarima
From: sarima@tdatirv.UUCP (Stanley Friesen)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <13@tdatirv.UUCP>
Date: 8 Oct 90 23:31:15 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu> <652@puck.mrcu> <22024:Oct606:35:1090@kramden.acf.nyu.edu>
Reply-To: sarima@tdatirv.UUCP (Stanley Friesen)
Organization: Teradata Corp., Irvine
Lines: 19

In article <22024:Oct606:35:1090@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <652@puck.mrcu> paj@uk.co.gec-mrc (Paul Johnson) writes:
>> If you are worried about physical line security then use encryption.

>All that's necessary is that the concentrator and the computer accept some
>key sequence (such as break) to unconditionally mean ``I want to talk to
>someone I can trust, so gimme a proper prompt and shove any middlemen
>out of the way.'' That's it.

This does *not* deal with *physical* line security.  A *physical* *tap*
on the line between the computer and the terminal cannot be bypassed by
simple software means.  Just because you know that you are talking to
login (or whatever) does *not* mean nobody is listening passively on the
same com link!  For physical line security encryption and physical access
restriction are the *only* two possible solutions.

-- 
---------------
uunet!tdatirv!sarima				(Stanley Friesen)