Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: Notesfiles $Revision: 1.6.2.17 $; site uokvax.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!inuxc!pur-ee!uiucdcs!uokvax!emks
From: emks@uokvax.UUCP
Newsgroups: net.crypt
Subject: Re: Using crypt with ksh
Message-ID: <12900005@uokvax.UUCP>
Date: Tue, 29-Jan-85 00:54:00 EST
Article-I.D.: uokvax.12900005
Posted: Tue Jan 29 00:54:00 1985
Date-Received: Thu, 24-Jan-85 07:10:13 EST
References: <777@hou2h.UUCP>
Lines: 19
Nf-ID: #R:hou2h:-77700:uokvax:12900005:000:984
Nf-From: uokvax!emks    Jan 21 23:54:00 1985

/***** uokvax:net.crypt / trsvax!gordon /  8:25 pm  Jan 20, 1985 */
If crypt is entered without a key, it will ask for one from the terminal.
(At least on 4.1bsd and Xen*x (v7 clone), it does).  This is a fairly secure 
method of key entry compared to putting it on the command line:  it keeps the 
key out of .history files, it keeps it away from someone doing a ps at the 
wrong time, and it is never visible to the person standing behind you looking
at your crt, as long as he also can't see what your fingers are typing.  If 
your version of UN*X crypt doesn't have this capability, it ought to.
/* ---------- */
True.  I might point out that unless your system also has magic things like
/dev/{k,}mem secured, you're asking someone (albeit a *knowledgeable* someone)
to take your {login,crypt,secretmail,etc.} key away from you.  And since
few people use more than two or three passwords for these sorts of things,
the possibility of compromise becomes great.

Sigh...

		kurt