[Cryptography] Password entry protocols
John Levine
johnl at iecc.com
Sun Apr 1 14:09:00 EDT 2018
In article <E1f2dmL-000Fei-HB at elasmtp-kukur.atl.sa.earthlink.net> you write:
>So to implement a password system on a modern computer&OS, one
>would need the ability to reliably take *exclusive* control of
>a portion of the screen -- which no one else could either read
>or write -- and the ability to reliably take *exclusive* control
>of the keyboard. As we have painfully learned over the years,
>simple SW means of exclusion can be trivially bypassed; this
>exclusion has to be enforced in *hardware*.
Windows NT had a kernel feature that Ctrl-Alt-Del would pop up a
kernel login window, and there was no way for applications to hook
that key combination. It seemed to have worked OK.
I agree that on phones with touch screens it's hard to think of
what an analogous kernel-only signal would be.
R's,
John
More information about the cryptography
mailing list