Finding Passwords
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Wed Oct 3 09:00:32 AEST 1990
In article <8685 at mirsa.inria.fr> jlf at mirsa.inria.fr (Jean-Louis Faraut) writes:
> What about a two-ways authentication, modifying the getty program to
> oblige the computer to authenticate itself ?
Fails. As I've said before, you can't reliably *avoid* a Trojan Horse
unless you can reliably *detect* a Trojan Horse. If you don't have a
trusted path, the intruder can masquerade as you, forwarding enough of
the responses you supply to authenticate itself and then taking control
of your account.
---Dan
More information about the Comp.unix.internals
mailing list