Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!swrinde!mips!spool.mu.edu!uunet!tdatirv!sarima
From: sarima@tdatirv.UUCP (Stanley Friesen)
Newsgroups: comp.lang.c
Subject: Re: Reading a keystroke w/o echo
Message-ID: <8@tdatirv.UUCP>
Date: 28 May 91 19:38:11 GMT
References: <990007@hpcc01.HP.COM> <1991May23.184302.13918@lut.fi> <91147.164007TGREENIN@ESOC.BITNET>
Reply-To: sarima@tdatirv.UUCP (Stanley Friesen)
Organization: Teradata Corp., Irvine
Lines: 25

In article <91147.164007TGREENIN@ESOC.BITNET> TGREENIN@ESOC.BITNET writes:
>Sorry, this just won't work with Teletypes. What you should do is
>
>1. Get the user to check noone is looking.
>2. ...
>5. If you want a *truly* secure routine, then prompt the user to
>   remove the ribbon (if appropriate) and burn it after the program
>   has finished running. ...

And, if the Teletype has a built-in paper tape punch, have the user make
sure it is turned off!

Seriously, I once walked into a public computer center and found a strip
of punched paper tape laying about.  When I checked out its contents it
was somebodies login - including password (and carriage returns and over-
strikes).

Luckily for that user I am a fairly considerate person - I destroyed the
tape and did not do anything nasty to his account.

Password security is *not* a trivial job.  [Just think about logging in
over a network with a packet monitor on it].
-- 
---------------
uunet!tdatirv!sarima				(Stanley Friesen)