[Cryptography] Password entry protocols

John Levine johnl at iecc.com
Sun Apr 1 14:09:00 EDT 2018


In article <E1f2dmL-000Fei-HB at elasmtp-kukur.atl.sa.earthlink.net> you write:
>So to implement a password system on a modern computer&OS, one
>would need the ability to reliably take *exclusive* control of
>a portion of the screen -- which no one else could either read
>or write -- and the ability to reliably take *exclusive* control
>of the keyboard.  As we have painfully learned over the years,
>simple SW means of exclusion can be trivially bypassed; this
>exclusion has to be enforced in *hardware*.

Windows NT had a kernel feature that Ctrl-Alt-Del would pop up a
kernel login window, and there was no way for applications to hook
that key combination.  It seemed to have worked OK.

I agree that on phones with touch screens it's hard to think of
what an analogous kernel-only signal would be.

R's,
John


More information about the cryptography mailing list