[cryptography] cryptography Digest, Vol 16, Issue 52

lawlor.craig at gmail.com lawlor.craig at gmail.com
Tue Jun 28 20:13:10 EDT 2011


Hi all,

I'm new to the list; thanks for such a nice discussion. I'm not a
programmer but rather an advanced user with a few decades of experience in
the use of encryption.
>>> The most immediate problem for many users w.r.t. non-ASCII in
>>> passwords is not the likelihood of interop problems but the
>>> heterogeneity of input methods and input method selection in login
>>> screens, password input fields in apps and browsers, and so on, as
>>> well as the fact that they can't see the password they are typing to
>>> confirm that the input method is working correctly.
>>>       
>> This particular security idea came from terminal laboratories in the 1970s and 1980s where annoying folk would look over your shoulder to read your password as you typed it.
>>
>> The assumption of people looking over your shoulder is well past its use-by date.  These days we work with laptops, etc, which all work to a more private setting.  Even Internet Cafes have their privacy shields between booths.
>>
>> There are still some lesser circumstances where this is an issue (using your laptop in a crowded place or typing a PIN onto a reader/ATM). Indeed in the latter case, the threat is a camera that picks up the keys as they are typed.
>>
>> But for the most part, we should be deprecating the practice at its mandated level and exploring optional or open methods. 
In PGP, such an option, "show password", has existed for ages.


