This forum has been archived. All content is frozen. Please use KDE Discuss instead.

Avoid password stealing

Page 2 of 2 (16 posts)

Previous 1, 2

6

Votes
9
3
Tags: security security security
(comma "," separated)
flo
Registered Member
Posts
22
Karma
0
OS

RE: [Security] Avoid password stealing

Mon Apr 06, 2009 6:43 pm
Alec wrote:
flo wrote:The key to solve intercepting passwords is to provide a non-interceptable keyboard-shortcut. After having typed (for instance) ctrl-alt-pause the user switches into secure area (controlled by a root-program) where she can safely enter the password without fearing password-interception.

Edit: The non-interceptable shortcut and the secure area must be implemented on lower levels (xorg, kernel), but in theory they are small. And even if they do not exist yet KDE can start preparing for them. For now just KDE could intercept the "non-interceptable" shortcut.


And what if I remotely connect through the VNC? Does that mean I can not assume root privileges?

In my proposal no. But nothing prevents the KDE framework from providing a button "I can't enter the shortcut. Let me enter the password in an insecure way."
Ideally the secure password-mode should eventually be transmitted when using VNC and ssh (or any other remote administration tool).

Page 2 of 2 (16 posts)

Previous 1, 2

Bookmarks


Who is online

Registered users: abc72656, Bing [Bot], daret, Google [Bot], Sogou [Bot], Yahoo [Bot]