
Re: "Small" Bug



On Wed, Mar 15, 2000 at 11:07:21PM +0100, Michael Thaler wrote:
> I do not understand this discussion. Perhaps someone could help me. It
> is a long-established practice with Linux and other Unices not to tell
> users who want to log in whether their username is valid or not, or if the
> password is wrong. The advantage of this method is that a user cannot
> guess login names by simply trying out different names.
> 
> The Hurd tells you if the username is right or wrong. It does not
> use the Linux mechanism.
> 
> So can someone please tell me what the advantage is of telling a
> user that the login is wrong, and not simply telling a user that the
> login or the password is wrong?

I will try to explain one more time.

Imagine someone screws the name sign off his front door.
You ask him why, and he says: "So people who want to break into my house don't
know where I live."

But now people who want to talk to him or send him a letter don't know where
to send it to. So he has a postbox in the post office (a P.O. box it is called, I
think). Now you just have to reach him to get the P.O. box number...

In short, you are making it a little harder for the bad guys at the cost of
making it a lot harder for the good guys. Without achieving a lot, because
the bad guys usually don't look at the name signs anyway, they have better
ways to find out what they want.

This analogy is lacking, but it drives the main point across, I think.

Security is achieved by two things: having a security model and following it.
The security model should effectively protect the critical information
(secret keys, passwords), and not rely on anything else. For your security
model you MUST assume that the cracker can get hold of ALL information that
is available to him by any means that you don't have direct control
over (scanning ports, asking secretaries and coworkers, etc.). On a standard
Unix box, you have direct control over your password, and nothing else.
Give away your password, and you lose. Give away anything else, and you
don't lose (if the password mechanism is worth its name).

> I think there is no advantage in telling a user that the login is
> wrong.

Well, I think there is. For example, if you don't remember exactly what the
login (= email) of someone was, and you want to try two or three variants. A very
weak reason, I might add. More important is that there is no disadvantage either.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server 
Marcus Brinkmann              GNU    http://www.gnu.org    for public PGP Key 
Marcus.Brinkmann@ruhr-uni-bochum.de,     marcus@gnu.org    PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/       brinkmd@debian.org
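The two login-failure conventions the thread compares, written out side by side as an added example; this is not code from the list post, nor from the Linux or Hurd login programs. The user table, the fixed salt, the password and the messages are constructed for the demo.

```python
import hashlib
import hmac

# Constructed fixed salt and sample user table (username -> (salt, PBKDF2 hash)).
# A real system would store a random per-user salt; this is demo data only.
_SALT = b"constructed-demo-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash from a password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


USERS = {
    "marcus": (_SALT, _hash_password("correct horse", _SALT)),
}

# Hash compared against when the username is unknown, so that the unknown-user
# path does the same work as the wrong-password path.
_DUMMY_HASH = _hash_password("", _SALT)

UNIFORM_FAILURE = "Login incorrect"


def login_uniform(username: str, password: str) -> tuple[bool, str]:
    """The Unix convention Michael describes: a single failure message,
    whether the username is unknown or the password is wrong."""
    record = USERS.get(username)
    salt, expected = record if record is not None else (_SALT, _DUMMY_HASH)
    digest = _hash_password(password, salt)  # computed on every path
    ok = record is not None and hmac.compare_digest(digest, expected)
    return (True, "Welcome") if ok else (False, UNIFORM_FAILURE)


def login_distinguishing(username: str, password: str) -> tuple[bool, str]:
    """The behaviour Michael attributes to the Hurd: the caller is told
    whether the username or the password was the problem."""
    record = USERS.get(username)
    if record is None:
        return (False, "Unknown user")
    salt, expected = record
    if not hmac.compare_digest(_hash_password(password, salt), expected):
        return (False, "Wrong password")
    return (True, "Welcome")


if __name__ == "__main__":
    for fn in (login_uniform, login_distinguishing):
        for user, pw in (("marcus", "correct horse"), ("marcus", "wrong"), ("nobody", "wrong")):
            print(fn.__name__, user, fn(user, pw))
```

In `login_uniform` the supplied password is hashed even when the username is unknown, so the two failure paths return the same message and do the same amount of work; that is what the "login or password is wrong" convention relies on. `login_distinguishing` is the other side of the thread's argument: it hands back more information, which Marcus considers harmless under a security model that treats only the password as protected.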

