Quick security question
Oren Beck
orenbeck at gmail.com
Wed Feb 21 11:19:12 CST 2007
This has been informative. A related query has been raised by my study
of the concepts in password security.
The windows os past a certain date makes use of the "ctrl-alt-delete"
keyboard sequence as part of login procedure. I have a basic
understanding of it that's not more detailed then the explanation
given in their help screens. Other than the seemingly simple concept
of making remote attacks need to simulate the keystrokes. The tie-in
to the original post- much of our world's hardware has a "paperclip
reset" or "on board shorting jumper" reset. Intended to either reset
a password or return to shipped values. The security model relied upon
physical access to the
hardware as granting presumption of authority. Blunt simple logic.
If you are touching it, you are presumed to be authorised.
Can the "ctrl-alt-delete" method currently provide a Linux system with
reasonable assurance that a user is physically in front of their
computer? If not, some other method of convincing the os that
the person seeking entrance to the password file is in possession of
that computer, and presumed to be allowed access upon proving that.
The implications of course open up a new thread and I am doing so.
More information about the Kclug
mailing list