
Re: Recipient validation - WAS: Re: Moderated posts?



On 10/14/2014 at 03:28 PM, Jerry Stuckle wrote:

> On 10/14/2014 12:03 PM, Tanstaafl wrote:
> 
>> On 10/14/2014 11:17 AM, Jerry Stuckle <jstuckle@attglobal.net>
>> wrote:

>>> Wrong on two counts.  First of all, the false notion "Security
>>> through obscurity *never* works".  This has nothing to do with
>>> security.

>>> And BTW, that statement is also wrong - why do you think people
>>> are encouraged to use obscure passwords if it doesn't work? But
>>> that's another subject.
>> 
>> Lol! Not even in the same ballpark, Jerry. Passwords, by their
>> very nature, are intended to be difficult/impossible to 'guess'.
>> 
>> To suggest that this is even in the same universe as 'security
>> through obscurity' is ludicrous.
> 
> Then what is that if it isn't "obscurity"?

"Security by obscurity" isn't "no one knows the password" or "no one
knows the account name"; it's something more like "no one knows there's
a place to enter an account name or a password".

It isn't "no one knows how to unlock the door"; it's "no one knows where
the door is", or even closer, "no one knows that there even is a door".

(There's a mall near where I live which has an out-of-the-way door which
is never locked at any hour, and which does not appear to be covered by
security cameras. As far as I can tell, the after-hours security there
relies entirely on the fact that the general public does not know the
door exists. That's security by obscurity.)

I'm not entirely positive on which side of that distinction this
situation falls, overall. Keeping passwords secret is definitely not
"security by obscurity", but concealing the fact that a given account
exists may arguably be.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw
