Finding Passwords

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Sat Oct 6 16:35:10 AEST 1990


In article <652 at puck.mrcu> paj at uk.co.gec-mrc (Paul Johnson) writes:
> If you are worried about physical line security then use encryption.
> There are ways in which your terminal and computer can authenticate
> each other.  If you are using a public terminal then you need a smart
> card device to provide keys.

Unnecessary, unnecessary, and unnecessary.

This is the flip side of what I've said before. It's actually rather
easy to *avoid* all Trojan Horses. All you need is some way to make sure
you're talking to the right object---and no intermediate object---on
each communications link.

Say, for example, that a terminal is connected directly to a terminal
concentrator, which has direct connections to ttys of a computer. All
that's necessary is that the concentrator and the computer accept some
key sequence (such as break) to unconditionally mean ``I want to talk to
someone I can trust, so gimme a proper prompt and shove any middlemen
out of the way.'' That's it.

---Dan
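The scheme described in the post above, as an added example that is not part of the original message: a small model of a terminal -> concentrator -> host path in which break is an out-of-band signal that each hop handles itself. The `Hop` class, the `session` function and the password string are hypothetical names and constructed values, and the model assumes break cannot be generated or intercepted by an ordinary program on the line.

```python
BREAK = object()  # out-of-band line condition; modelled as distinct from any data byte


class Hop:
    """One endpoint on the path: the concentrator port or the host tty driver."""

    def __init__(self, name, downstream=None, honors_break=True):
        self.name = name
        self.downstream = downstream
        self.honors_break = honors_break
        self.trojan = False   # True while an untrusted program holds this hop
        self.captured = []    # what that program managed to read
        self.delivered = []   # what reached the trusted prompt (last hop only)

    def send(self, event):
        if event is BREAK and self.honors_break:
            self.trojan = False            # unconditional: evict the middleman
        elif self.trojan:
            if event is not BREAK:
                self.captured.append(event)
            return                         # middleman swallows it, nothing goes on
        if self.downstream is not None:
            self.downstream.send(event)
        elif event is not BREAK:
            self.delivered.append(event)


def session(trojan_at, press_break, honoring=("concentrator", "host")):
    """Type a password over terminal -> concentrator -> host.

    Returns (captured_by_trojan, delivered_to_trusted_login).
    """
    host = Hop("host", honors_break="host" in honoring)
    conc = Hop("concentrator", downstream=host,
               honors_break="concentrator" in honoring)
    hops = {"concentrator": conc, "host": host}
    hops[trojan_at].trojan = True          # a look-alike prompt is left running here
    if press_break:
        conc.send(BREAK)
    conc.send("constructed-password")      # constructed sample input
    return conc.captured + host.captured, host.delivered


if __name__ == "__main__":
    for where in ("concentrator", "host"):
        print(where, "no break:", session(where, False))
        print(where, "break:   ", session(where, True))
    print("host ignores break:", session("host", True, honoring=("concentrator",)))
```

The last case shows why the post requires the guarantee on each link: if any one hop leaves break to whatever program holds the line, the look-alike prompt at that hop still collects the password.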



More information about the Comp.unix.internals mailing list