Programmer Humor

19918 readers

2097 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

365

Whoa there buddy, calm down (programming.dev)

submitted 9 months ago by [email protected] to c/[email protected]

49 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago)

Having read the paper, there seems to be a glaring problem: Even though the user can't tell an attacker the password, nothing is stopping them from demonstrating the password. It doesn't matter if it's an interactive sequence -- the user is going to remember enough detail to describe the "prompts".

A rubber hose and a little time will get enough information to make a "close enough" mock-up of the password entry interface the trusted user can use to reveal the password.