Re: "Small" Bug
On Wed, Mar 15, 2000 at 11:07:21PM +0100, Michael Thaler wrote:
> I do not understand this discussion. Perhaps someone could help me. It
> is a long establish practice with linux and other unices not to tell
> users who want to login, if there username is valid or not or if the
> password is wrong. The advantage of this method is, that a user cannot
> guess longin-names by simply trying out different names.
> The HURD tells you, if the username is wright or wrong. It does not
> use the Linux-mechanism.
> So can someone please tell me, what is the advantage of telling a
> user, that the login is wrong and not simply telling a user, that the
> login or the password is wrong?
I will try to explain one more time.
Imagine someone screws off his name sign from his front door.
You ask him why, and he says: "So people who want to break in my house don't
know where I live."
But now people who want to talk to him or send him a letter don't know where
to send it to. So he has a postbox in the post office (P.O. it is called I
think). Now you just have to reach him to get the po number...
In short, you are making it a little harder for the bad guys at the cost of
making it a lot harder for the good guys. Without achieving a lot, because
the bad guys usually don't look at the name signs anyway, they have better
ways to find out what they want.
This analogy lacks, but it drives the main point across, I think.
Security is achieved by two things: Havin a security model and following it.
The security model should effectively protect the critical information
(secret keys, passwords), and not rely on anything else. For your security
model you MUST assume that the cracker can get hold of ALL information that
is available through him by any means that you don't have direct control
over (scanning ports, asking secretaries and coworkers, etc). On a standard
unix box, you have direct control over your password, and nothing else.
Give away your password, and you loose. Give away anything else, and you
don't loose. (if the password mechanism is worth its name)
> I think there is no advantage in telling a user, that the login is
Well, I think there is. For example if you don't remember exactly what the
login=email of someone was, and you want to try two or three variants. A very
weak reason, I might add. More important is that there is no disadvantage either.
`Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server
Marcus Brinkmann GNU http://www.gnu.org for public PGP Key
Marcus.Brinkmann@ruhr-uni-bochum.de, firstname.lastname@example.org PGP Key ID 36E7CD09