Re: sync root passwords?

To: Cameron Hutchison <camh+dl@xdna.net>
Cc: debian <debian-user@lists.debian.org>
Subject: Re: sync root passwords?
From: Andrew Perrin <clists@perrin.socsci.unc.edu>
Date: Wed, 4 Dec 2002 20:15:24 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.21.0212042013050.2566-100000@perrin.socsci.unc.edu>
In-reply-to: <[🔎] 20021205011014.GB18377@orthanc>

On Thu, 5 Dec 2002, Cameron Hutchison wrote:

> Once upon a time Andrew Perrin said...
> > No, it's not more insecure; you're assuming the hypothetical hacker knows
> > that there is an algorithm, and which character(s) are filled in by it.  
> 
> ...and you're assuming that security through obscurity is just as secure
> as a secure encryption algorithm.

Actually, I don't think I'm making any such assumption. I'm simply
claiming that systematic difference is a harder pattern to recognize than
simple identity.  I didn't say anything about the use of a secure
encryption algorithm.

> 
> In practice, it will make little difference. But it is less secure. You
> are relying in keeping your algorithm secret. If it is found out, you've
> reduced the keyspace to be searched to break the keys.
> 
> 

Again, it's clearly less secure than 100 random passwords on 100
hosts. But it's more secure than 1 password on 100 hosts, since in that
case the "keyspace to be searched" contains only one element.

----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
clists@perrin.socsci.unc.edu * andrew_perrin (at) unc.edu

Reply to:

Follow-Ups:
- Re: sync root passwords?
  - From: sean finney <seanius@seanius.net>

References:
- Re: sync root passwords?
  - From: Cameron Hutchison <camh+dl@xdna.net>

Prev by Date: Kernel panic: VFS: Unable to mount root fs
Next by Date: Determining the usefulness of compression
Previous by thread: Re: sync root passwords?
Next by thread: Re: sync root passwords?
Index(es):
- Date
- Thread