Date: Tue, 22 Nov 2005 11:12:30 -0800 (PST)
From: Arne "Wörner" <arne_woerner@yahoo.com>
To: Roger Marquis <marquis@roble.com>, freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
Message-ID: <20051122191230.9866.qmail@web30305.mail.mud.yahoo.com>
In-Reply-To: <20051122075050.I81101@roble.com>

--- Roger Marquis <marquis@roble.com> wrote:
> Obscurity is an important and wholly necessary part
> of the security toolkit. Take passwords for example.
> Defining a non-dictionary password is security by
> obscurity. It is, however, weak protection if you
> do not also log dictionary attacks and blackhole
> offenders before they can try many username/password
> pairs.
>
I can say that again... :-)

I personally do not like passwords, because:
1. I could forget it.
2. A bad guy could treat me badly in order to get the password.

So I was very happy when I found out that the ssh protocol offers this passphrase-less, password-less RSA (today it seems to be DSA) authentication, which seems to be very secure, and which makes me uninteresting for authentication and for a bad guy (he or she only needs my hard disc, which he or she can get without hurting me).

Maybe that could help in this specific security problem discussion.

Furthermore I would ask if it might be a good idea in this case to use a good-guy list instead of a bad-guy list.

Ceterum censeo: Fingerprints make everything worse (not just for thieves, who have to wear gloves nowadays), because I have heard of a case where a robber took away the ring finger of his victim, because his victim was unable to get the ring off (published on German TV by a governmental broadcasting carrier (ZDF) in "Aktenzeichen XY ... noch nicht gelöst" (which translates to "case number XY ... not solved yet")). There has been a case near Kiel, SH, F.Rep.Germ, where the robber became a killer, because the victim refused to give 10USD that belonged to his employer.

-Arne
who said the mother of all passwords loudly in the public, while one of his colleagues was talking to him on the phone