Visible Password
David Chadwick
d.w.chadwick at kent.ac.uk
Fri Jun 22 13:04:10 CEST 2012
Hi All
I was demonstrating GPA for the first time to a class of students
yesterday and a very strange thing happened. (Note that I am new to GPA,
having used OpenPGP for the last 10 years, so I am not familiar with its
"normal" behaviour). When I signed a message in the clipboard and was
asked for my private key password, I typed it in, and to my horror saw
that the password was displayed in the clear in another small window at
the bottom left hand side of the screen, instead of showing as **** in
the normal password window. The class thought this was very humorous.
This small window then disappeared (without me doing anything). Later on
in class I decided to change my password, and this time, when the new
password screen appeared, and I typed in my new password, and it also
appeared in a new small window, in the clear, at the bottom left hand
side of the screen. Then it disappeared.
Has anyone every come across anything like this before?
I have tried to repeat this several times since the class, and am unable
to. My PC was running very slowly at the time of the demo and I
initially wondered if it was a timing issue.
Otherwise I can only think that a very clever student in the class had
hacked into my PC (which was connected to the wireless Internet the
whole time) during the lecture, and had placed the key pop-up window
there on cue to capture my passwords as I typed. But this would seem to
be a very difficult thing to do, and a very clever student
regards
David
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
More information about the Gnupg-users
mailing list