Xref: utzoo comp.lang.c:39639 alt.folklore.computers:12224 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!paperboy!penge!dbrooks From: dbrooks@penge.osf.org (David Brooks) Newsgroups: comp.lang.c,alt.folklore.computers Subject: Re: Reading a keystroke w/o echo Message-ID: <22260@paperboy.OSF.ORG> Date: 28 May 91 04:11:22 GMT References: <990007@hpcc01.HP.COM> <1991May23.184302.13918@lut.fi> <91147.164007TGREENIN@ESOC.BITNET> Sender: news@OSF.ORG Reply-To: dbrooks@osf.org (David Brooks) Followup-To: alt.folklore.computers Organization: Open Software Foundation Lines: 45 Note headers: stage 1 of moving this to an appropriate group. In article <91147.164007TGREENIN@ESOC.BITNET> TGREENIN@ESOC.BITNET writes: >[re silly ways of obscuring passwords when you can't turn off echo] > >Sorry, this just won't work with Teletypes. What you should do is > >1. Get the user to check noone is looking. >2. Accept the password and wind the carriage back one line > (if appropriate). >3. Output a carriage return [:r] followed by sufficient characters > e.g. '*'s to cover the password. >4. Return step 3, using different characters ('#','@','%' etc.) > until the password is totally obliterated, the paper has a hole > worn in it etc. (this can be quite tedious on a 110 baud TTY). > >Seriously, folks, this approach was used...on a >CDC Cyber system I used to program on at the University of Manchester >in the early 80's. Grrmph. Hardly what *I* would call secure. The timesharing system at Cambridge University (late 60's) accepted your username then typed: ******** SSSSSSSS HHHHHHHH and THEN you entered the password. Most effective, especially if the password contained only S's and H's. I may have the S's and the H's a about f. > Mind you, I can't figure how to solve it for using >punched cards as an input medium. Use a non-verifying punch to begin with. Patch your OS so that it diverts the appropriate cards into the alternate output hopper. Keep a small fire burning in that hopper. Works for me. >Tim Greening-Jackson >E.S.O.C., 6100 Darmstadt, (What used to be West) Germany. They moved it? -- David Brooks dbrooks@osf.org Systems Engineering, OSF uunet!osf.org!dbrooks