Visible Password

David Chadwick d.w.chadwick at kent.ac.uk
Fri Jun 22 17:54:35 CEST 2012


Hi All

I was demonstrating GPA for the first time to a class of students 
yesterday and a very strange thing happened. (Note that I am new to GPA, 
having used OpenPGP for the last 10 years, so I am not familiar with its 
"normal" behaviour). When I signed a message in the clipboard and was 
asked for my private key password, I typed it in, and to my horror saw 
that the password was displayed in the clear in another small window at 
the bottom left hand side of the screen, instead of showing as **** in 
the normal password window. The class thought this was very humorous. 
This small window then disappeared (without me doing anything). Later on 
in class I decided to change my password, and this time, when the new 
password screen appeared and I typed in my new password, it also 
appeared in a new small window, in the clear, at the bottom left hand 
side of the screen. Then it disappeared.

Has anyone ever come across anything like this before?

I have tried to repeat this several times since the class, and am unable 
to. My PC was running very slowly at the time of the demo and I 
initially wondered if it was a timing issue.

Otherwise I can only think that a very clever student in the class had 
hacked into my PC (which was connected to the wireless Internet the 
whole time) during the lecture, and had placed the key pop-up window 
there on cue to capture my passwords as I typed. But this would seem to 
be a very difficult thing to do, and a very clever student.

regards

David

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************



