[Cryptography] Password entry protocols

Jerry Leichter leichter at lrw.com
Sun Apr 1 11:06:28 EDT 2018


>> Back in the old days, we worried about spoofed system login pages. [...] It's interesting, though, that among commonly used systems, only Windows retains this feature.
> 
> It's been a while since I played with the university's IBM-360/50, but I recall that you had to hit the "ATTN" key to, well, get its attention...
That was something a bit different.  Old IBM equipment was half-duplex, controlled entirely from the system side:  It filled the screen, then you filled in some data and sent it back.  This fit well with another property of these systems:  Their terminal interactions were block mode.  Rather than sending individual keystrokes, they sent a bunch of filled-in fields that the system had previous provided.  It was because of the block mode transmission that mainframes of the day - with tiny memory and very slow CPU's by today's standards - could handle tens or even hundreds of terminals.

The keyboard was normally locked/dead when the system wasn't expecting a block to be sent.

Sometimes, though, you need a way to initiate (or terminate) an action from the user side.  Hence, the ATTN key - which was always live, and simply asked for attention.  Login was a natural use, as it meant the system didn't need to have requests outstanding at every currently-unused terminal just in case someone wanted to log in.

> Is this still the practice on big boxen (assuming that there are any)?
Oh, there are plenty of them still around.  But in general mainframes today don't talk to "terminals"; hell, hardly anyone talks to "terminals" any more.  It's much more cost-effective to put a PC where you used to put a terminal - and the protocols are of course now entirely different.  (Though if you think about it, running a front end program on the PC is an expansion of what block mode used to be.)

But I'll bet you can still find old block-mode applications in use if you look hard enough.

> In Unix-land in the 70s when dinosaurs strode the earth and kiddies' login emulators were rife, there was a proposal to make the BEL character "special" i.e. only the OS could output it, and it would be part of the login prompt; pity that it never took off.
Interesting; never heard of that.

APL\360 solved a related (but different) problem:  It had a kind of "raw mode" input which accepted every legal character and sent it to a user program.  IBM Selectrics (used as terminals) didn't have anything like "CTRL/C", or even an ATTN key.  So ... if you had a bug in a program that caused it to prompt in "raw mode" forever ... what to do?  The APL\360 character set had many characters created by over-striking - none of which I can reasonably demonstrate with the ASCII character set.  So they O <Backspace> U <Backspace> T as a character - except it was the only one that "raw mode" would *not* read.  Instead, it immediately suspended the currently executing code and popped out to the Read-Eval-Print loop that was APL's interface.  (From there you could discard the previously-running context.)
                                                        -- Jerry



More information about the cryptography mailing list