[Cryptography] Password entry protocols

Ray Dillinger bear at sonic.net
Sun Apr 1 12:40:16 EDT 2018



On 03/31/2018 02:55 PM, Jerry Leichter wrote:

> Extending this kind of thing to arbitrary programs seems very difficult.  Perhaps we need something akin to a Secure Attention key that you can hit in a password prompt which will tell you exactly who's asking for the information.  Of course ... you have to get people to use it.
> 


Well, that was the basic remit of the "system request" key - which is
standard on all PC keyboards.  It was provided along with standard BIOS
key input routines that completely ignore it (to prevent any software
from capturing it) supposedly restricting it to privileged use.

That function is largely forgotten today though.

'Print Screen' used to be an alternate function of the System Request
key, invoking a BIOS routine which read all screen memory bypassing any
program control so it could be applied even after a crash, and then
wrote it to the printer port.  Very low-level stuff, intended to be used
for debugging.  But that put a legend 'Print Screen' on the keyboard and
everybody wanted a printing utility that could be used with their GUIs
and under program control and do special things with various software
formats that the pixels on their screen represented and on and on and on.

So there was NO WAY to have a legend on a key labeled 'Print Screen'
that just did that basic BIOS level task, and nothing else, and avoid
having consumers yell about it and demand additional functionality that
could only be provided by making the keystroke visible to all
(virtualized, user-space, etc) software.  So the 'pure' System Request
key had to go, and the key input routines had to become aware of that
key - at least to become aware of the keystroke used for 'Print Screen',
so it could be hijacked (err, excuse me, used) by other utilities.  This
is about the time that 'Print screen' stopped being useful for debugging
after crashes in console-mode programs.  Whatever though, that was a
small loss.

The key is still there, and most BIOSes do support at least one
keystroke isolated from userland software to be used for 'System
Request.' But the 'System Request' legend is not printed on it on most
modern keyboards, and on the very few systems where it still means
anything at all, the 'System Request' keystroke can only be typed using
it in combination with the 'alt' key.

					Bear

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180401/bd85126c/attachment.sig>


More information about the cryptography mailing list