next up previous
Next: About this document Up: Protection Previous: Other Methods

Computer Authentication

In the previous discussion, we saw how a user identifies himself to the system. The following example illustrates why it may be also important for the system to be able to identify itself to the user. A popular method for gathering passwords uses the following strategy. A user executes leaves running on a terminal a program that simulates the login behavior of the system: it prompts the user for a login name and a password. When a trusting user enters the two items, the program writes this information in a file accessible by the owner of the program, enters the error message "Invalid Login", and executes next the standard system user authentication program. The user, thinking he had mistyped his password, repeats his actions, which lead to a successful login. Thus he never realizes that his login name and password have been gathered by another user.


Prasun Dewan
Mon Nov 4 12:08:34 EST 1996