Visible Password

david at gbenet.com david at gbenet.com
Fri Jun 22 18:04:40 CEST 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/06/12 16:54, David Chadwick wrote:
> Hi All
> 
> I was demonstrating GPA for the first time to a class of students yesterday and a very 
> strange thing happened. (Note that I am new to GPA, having used OpenPGP for the last
> 10 years, so I am not familiar with its "normal" behaviour). When I signed a message in
> the clipboard and was asked for my private key password, I typed it in, and to my
> horror saw that the password was displayed in the clear in another small window at the
> bottom left hand side of the screen, instead of showing as **** in the normal password
> window. The class thought this was very humorous. This small window then disappeared
> (without me doing anything). Later on in class I decided to change my password, and
> this time, when the new password screen appeared, and I typed in my new password, and
> it also appeared in a new small window, in the clear, at the bottom left hand side of
> the screen. Then it disappeared.
> 
> Has anyone every come across anything like this before?
> 
> I have tried to repeat this several times since the class, and am unable to. My PC was 
> running very slowly at the time of the demo and I initially wondered if it was a timing
> issue.
> 
> Otherwise I can only think that a very clever student in the class had hacked into my
> PC (which was connected to the wireless Internet the whole time) during the lecture,
> and had placed the key pop-up window ther braine on cue to capture my passwords as I
> typed. But this would seem to be a very difficult thing to do, and a very clever
> student
> 
> regardst
> 
> David
> 

Hello David,

GPA on Linux has not done this - is it Windows? What other applications were running at
the time? Perhaps one of them "captured" it - your passphrase? All I can think of is that
you started a programme or a log-in that required a password - that programme was still
running and captured your passphrase - but their are better brains then me :)

David

- -- 
https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for
books how-to's - mailing lists and more
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP5JeYAAoJEOJpqm7flRExFY8H/2hR73oDIRNDTCkDimFB0BWi
LrEnUSmseDNf5OGYOFZqyLnFvSEAz0/BnzvWfoQZWELmZJkeHvHTg9F1reatircU
Ty7yRZvILtc8xnpvkKw06drcm4hQ9ZX5ReNgmX74ak3jTKUUorURP6FRKuCGI27y
hC+8u/LXkYt4fUpJhbjGoFQvf9FGTqyVjJqtT+xnRc2bMGvcScdlpOjhaX3Z8krS
FqRqkBSG4LnduhD3HBQj0MIWNnKcE+kttT8nrs9t+eYhD9xToEApG+D57YnnZH/V
wKCMpFE/vdAm/vho6eHsUKQETyChoaZOvLVQkZF2zm4wJlhhTr3peRmTcM3URsM=
=e/KO
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list