Re: Secure passwords?



Juergen Nieveler <juergen.nieveler.nospam@xxxxxxxx> wrote in
news:Xns971F63F901557juergennieveler@xxxxxxxxxxxx:

> "nemo_outis" <abc@xxxxxxx> wrote:
>
>> Call me crazy if you will, but I'm of the opinion that you should not
>> be entering ANY password, whether asterisk protected or not, while
>> someone is looking over your shoulder.
>
> The question is whether you'd actually notice somebody looking -
> Tempest-attacks exist, as do binoculars. Oh, and whatever became of that
> theoretical attack where somebody wanted to use the light reflected on
> the wall to read the screen?
>
>
> Juergen Nieveler



If you would not notice somebody looking (or other forms of surreptitious
observation and/or recording) there is something desperately wrong, either
with you or with your environment.

I take it as axiomatic that physical security of the computing environment
has been established before all else; otherwise all the other safeguards, no
matter how elegant, no matter how many bits of encryption they include, are
a castle built on sand.

If, however, rather than the computing environment being insecure, it is
oneself who is oblivious, then, again, no technical tricks will rescue one
from the consequences.

Regards,

PS Yes, there can be specialized circumstances where physical security is
weak (e.g., at a public ATM) and asterisked passwords have some limited
value, but, in general, asterisked passwords are mostly frippery. In a
situation where they are not needed, they are an annoyance; in a situation
where they might be needed, they are grossly inadequate.

And, further, there can be other situations intermediate between the two
cases (e.g., firing up your laptop in an airport lounge). However, even
here, asterisks would be a very feeble reed to rely on. No, secure the
environment first - otherwise you are gambling on the adversary's absence
or ineptitude, not the strength of your system. Like Russian roulette, it
is a gamble that you may sometimes win, but that doesn't make it any less
imprudent.
