[
Lists Home |
Date Index |
Thread Index
]
> out to be a security hole in your sshd, then you might be happy that you
> didn't post the IP address for your vulnerable system on the web.
Since most port scans are automated, it really doesn't matter if you
publish your IP address or not. :(
Passwords aren't security through obscurity. They are keys into what are
usually (these days) strong crypto systems. Passwords are "bad" because
humans usually pick them, resulting in weak keys. An example of StO are
various ways that PDF files were protected, as discovered by the Russian
Programmer.
Security through obscurity has a definite meaning in the security world:
an important part of the protection of the *algorithm* requires it to be
secret. This directly violates Kerchoff's principal, which says assume
the algorithm is public, and concentrate on the strength of the key.
*THAT* is why passwords are historically bad.
> where we replace passwords with cryptographically secure 128-bit hashes.
I don't know what you mean by this. Replacing a password with a
passphrase (which could be hashed down to small fixed size and used as a
login key), is generally considered a good thing. I don't know of anyone
who is suggesting replacing a user-specified password with a 128bit
number. (And they should say to use SHA, which is 160 bits, anyway :)
> This stuff is always a matter of costs and benefits.
Most definitely. The real goal is to make it cheaper for the bad guy to
steal someone else's car. That's subtly different from what somone posted
here the other day. For a better explanation of this, I cannot
give enough praise to Dan Geer's "Risk Management" talk. Available in
several places, including the RISKS digest[1].
/r$
[1] http://catless.ncl.ac.uk/Risks/20.06.html
|
