dbrooks@penge.osf.org (David Brooks) (05/28/91)
Note headers: stage 1 of moving this to an appropriate group. In article <91147.164007TGREENIN@ESOC.BITNET> TGREENIN@ESOC.BITNET writes: >[re silly ways of obscuring passwords when you can't turn off echo] > >Sorry, this just won't work with Teletypes. What you should do is > >1. Get the user to check noone is looking. >2. Accept the password and wind the carriage back one line > (if appropriate). >3. Output a carriage return [:r] followed by sufficient characters > e.g. '*'s to cover the password. >4. Return step 3, using different characters ('#','@','%' etc.) > until the password is totally obliterated, the paper has a hole > worn in it etc. (this can be quite tedious on a 110 baud TTY). > >Seriously, folks, this approach was used...on a >CDC Cyber system I used to program on at the University of Manchester >in the early 80's. Grrmph. Hardly what *I* would call secure. The timesharing system at Cambridge University (late 60's) accepted your username then typed: ******** <return> SSSSSSSS <return> HHHHHHHH <return> and THEN you entered the password. Most effective, especially if the password contained only S's and H's. I may have the S's and the H's a about f. > Mind you, I can't figure how to solve it for using >punched cards as an input medium. Use a non-verifying punch to begin with. Patch your OS so that it diverts the appropriate cards into the alternate output hopper. Keep a small fire burning in that hopper. Works for me. >Tim Greening-Jackson >E.S.O.C., 6100 Darmstadt, (What used to be West) Germany. They moved it? -- David Brooks dbrooks@osf.org Systems Engineering, OSF uunet!osf.org!dbrooks