[Cryptography] Password entry protocols

Jeremy Stanley fungi at yuggoth.org
Sat Mar 31 19:53:38 EDT 2018


On 2018-03-31 17:55:59 -0400 (-0400), Jerry Leichter wrote:
[...]
> Back in the old days, we worried about spoofed system login pages.
> If you think about it, this is in fact one of the few
> circumstances where the user *doesn't* take an explicit action to
> initiate the sequence:  He sits down at the keyboard, but that in
> and of itself is not an action that triggers anything; the login
> prompt is already there.  So the classic fix - the "secure
> attention keystroke", which is guaranteed to take you to the
> actual login program - if used appropriately, does convert a login
> request to a response to a particular sequence of actions.  It's
> interesting, though, that among commonly used systems, only
> Windows retains this feature.
[...]

When booted under a default-configured Linux kernel using a QWERTY
or AZERTY keyboard, Alt+SysRq+K is the "secure access key." In
actuality it implements this by killing any processes associated
with the current virtual console. Granted, the relevant section[*]
of the Linux kernel user's and administrator's guide provides the
following disclaimer:

    "In its true form it is not a true SAK like the one in a c2
    compliant system, and it should not be mistaken as such."

[*] https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html

-- 
Jeremy Stanley
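
Added example, not part of the original message: a shell check of whether the running kernel will honour Alt+SysRq+K at all, since the kernel.sysrq sysctl described in the guide linked above can mask it off. The function names sak_state and live_sak_state are hypothetical; the bit value 0x4 ("enable control of keyboard (SAK, unraw)") and the sysrq_always_enabled boot parameter come from the kernel's SysRq documentation.

```shell
#!/bin/sh
# Added example (not from the original message): decide whether the
# SysRq "k" (SAK) function is permitted for a given kernel.sysrq value.

SYSRQ_ENABLE_KEYBOARD=4   # 0x4: enable control of keyboard (SAK, unraw)

# sak_state VALUE
# Prints one of: disabled | enabled-all | enabled-mask | masked-off | invalid
# Returns 0 when SAK is permitted, 1 when it is not, 2 on bad input.
sak_state() {
    case "$1" in
        ''|*[!0-9]*|0[0-9]*) echo invalid; return 2 ;;  # non-decimal or leading zero
    esac
    if [ "$1" -eq 0 ]; then
        echo disabled; return 1          # SysRq switched off completely
    elif [ "$1" -eq 1 ]; then
        echo enabled-all                 # exactly 1 enables every function
    elif [ $(( $1 & SYSRQ_ENABLE_KEYBOARD )) -ne 0 ]; then
        echo enabled-mask                # bitmask includes keyboard control
    else
        echo masked-off; return 1        # other functions allowed, SAK is not
    fi
}

# live_sak_state: same answer for the running system.
# The sysrq_always_enabled boot parameter overrides the sysctl.
live_sak_state() {
    if grep -qw sysrq_always_enabled /proc/cmdline 2>/dev/null; then
        echo enabled-all
    else
        sak_state "$(cat /proc/sys/kernel/sysrq 2>/dev/null)"
    fi
}

# Constructed sample values, decoded for illustration.
for v in 0 1 4 16 176 438; do
    printf 'kernel.sysrq=%-3s -> %s\n' "$v" "$(sak_state "$v")"
done

# Report the live setting only where the sysctl is readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    echo "SAK on this host: $(live_sak_state)"
fi
```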