Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!scs
From: scs@athena.mit.edu (Steve Summit)
Newsgroups: comp.unix.wizards
Subject: Re: Password security
Message-ID: <8161@bloom-beacon.MIT.EDU>
Date: 27 Nov 88 18:49:16 GMT
References: <4449@sneaky.TANDY.COM> <14128@conexch.UUCP> <517@auspex.UUCP> <756@quintus.UUCP>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: scs@adam.pika.mit.edu (Steve Summit)
Distribution: na
Lines: 22

>> >>- Certain characters are untypable in passwords:  nul, newline, backspace, 
>> >>  and line-kill characters, and possibly ^S, ^Q, and ^M.
>>Yes, Virginia, there are UNIX systems that don't have "literal-next".
>System V has back-slash, which will quote the character-delete and line-kill
>characters.

And, in fact, using devious combinations of backslash and/or the
erase character can make for rather secure passwords, especially
if what you're worried about is people looking over your shoulder
as you type.  I once had a root password with an explicit rubout
in it, which had to be quoted with a \ when typing it.  Lately,
when using rlogin and telnet, I've been deliberately mistyping my
(normal, printable) password, and correcting it in mid-stream,
dodging behind a few meaningless backslashes just for good
measure, in case there are any network snoop programs running,
which are clever enough to grab password packets but not clever
enough to reproduce the tty driver in all its arcane detail.
(Whoops, I guess the trick's not much good now that the secret is
out.)

                                            Steve Summit
                                            scs@adam.pika.mit.edu