[Cryptography] Password entry protocols
Jerry Leichter
leichter at lrw.com
Sun Apr 1 11:19:42 EDT 2018
>> Computers don't just randomly ask you to type in your password. In a well-designed system, password requests are *responses to user actions*, such as connecting to a web site.
> The problem is, the password model only works (if it ever did)
> when you have a *single process* running on your computer.... [T]o implement a password system on a modern computer&OS, one
> would need the ability to reliably take *exclusive* control of
> a portion of the screen -- which no one else could either read
> or write -- and the ability to reliably take *exclusive* control
> of the keyboard....
Are we talking about inherent architectural/design issues or implementation issues/bugs?
No system I've used in many years has, by design, allowed one program to grab control of terminal input from another program. (An old, old exception would be RSX-11 - which by default was much like Unix with an implicit "&" at the end of *every* command line - but *without* job control.)
Output to the screen is more complicated because of the desire to write all kinds of programs to enhance the output of *other* programs, but the intent of all windowing systems these days is to make it pretty clear where one window ends and another begins, and the only way to write over a window ought to be to obscure it.
Yes, attacks like "clickjacking" exist, but if you look at them, they rely on the ability to fool the user by putting an *invisible* window over the window he thinks he's clicking on, not the ability to change the visible contents of some other window. And the ability to do this kind of thing is universally seen as a security bug and is fixed.
Can you show an example of an attack of the sort you have in mind? All kinds of things are possible "in general principle"; not so many are actually realizable.
-- Jerry
More information about the cryptography
mailing list