Re: Prompting for passwords on the desktop?

On Fri, Sep 19, 2008 at 2:50 PM, Gustavo J. A. M. Carneiro
<gjc inescporto pt> wrote:
> On Fri, 2008-09-19 at 13:09 +0200, Patryk Zawadzki wrote:
>> I believe the goal is to use some uncatchable keyboard sequence a'la
>> Windows' secure auth (Ctrl+Alt+Del).
> This is kind of silly; I have to type a complex keyboard combination in
> order to input a password?  That is annoying.  Additionally, switching
> VTs in Linux is usually slow; more annoyance.  Expect some resistance on
> this "feature".

It's not for regular users, it's for environments with strict security
policies and is the only way to ensure you are not typing the password
into a spoofed prompt. The idea is to ask the user to manually invoke
a "system break" that can't be captured programmatically to guarantee
that the password prompt served by the underlying system, not by some
random program (all non-privileged app GUIs are hidden for the time
and all the grabs are temporarily disabled). I hope you understand
that user-initiated super-grab is the only secure way to input
anything (remember you have no control over other processes running in
the userspace and have to assume they are all malicious).

Patryk Zawadzki

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]