Re: reveal password fix needed
From: Dave (Nobody_at_Nowhere.Com)
Date: 12/03/04
Date: Fri, 3 Dec 2004 15:03:20 -0000
Martin
Bonj is dead right, another point is that except in exceptional
circumstances no program should ever store a password. The secure way is to
create a non-reversible hash of the password, store that and then do the
same with what's entered and compare the 2.
Dave.
"Bonj" <Bonj@discussions.microsoft.com> wrote in message
news:B7837DF9-E82C-4BBF-977E-495BC3DA01F9@microsoft.com...
> The point of displaying it as asterisks is not to hide it from another
> program on your computer - it's only to hide it from someone looking over
> your shoulder.
>
> A program running on your computer could glean it anyway by monitoring the
> keys pressed on the keyboard.
>
>
> "Martin Nemzow" wrote:
>
>> Passwords hidden by asterisks in VB and even within Windows can be revealed
>> in full with API call SendMessage among other methods since messages within
>> Windows are not secured in anything other than plaintext unlike trusted
>> systems. Even if the password is encrypted after entry, the password can be
>> intercepted through the system messaging traffic before it gets encrypted.
>>
>> This is not good. Has anyone a solution to this security flaw?
>>
>> Marty Nemzow
>>
>>
>>
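The store-a-hash-and-compare approach described in the reply above, as an added example that is not part of the original thread. It goes slightly beyond a bare hash: it uses a per-password random salt and a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) and compares in constant time. The record format, function names and iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the thread).
ALGO = "sha256"
ITERATIONS = 600_000
MAX_ITERATIONS = 10_000_000  # refuse absurd values read from a stored record
SALT_LEN = 16


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    Only the salt and the derived hash are kept; the password itself is not.
    """
    salt = os.urandom(SALT_LEN)  # fresh salt, so equal passwords give different records
    digest = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive the hash from what was entered and compare with the stored one."""
    try:
        scheme, iter_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or truncated record: fail closed
    if scheme != f"pbkdf2_{ALGO}" or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = make_record("correct horse")  # constructed sample password
    print(stored)
    print(verify("correct horse", stored), verify("wrong guess", stored))
```

Storing the iteration count and salt inside the record lets the cost be raised later without invalidating existing entries.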