On Wed, Dec 04, 2002 at 08:15:24PM -0500, Andrew Perrin wrote: > > ...and you're assuming that security through obscurity is just as secure > > as a secure encryption algorithm. > > Actually, I don't think I'm making any such assumption. I'm simply > claiming that systematic difference is a harder pattern to recognize than > simple identity. I didn't say anything about the use of a secure > encryption algorithm.
well yes, but to the pessimistic cryptologist, security through obscurity
is just as bad as declaring to the world how you're doing it. thus if 1/8
your password is in fact arbitrary and not random, your search space for the
password has just dropped by a power of 2, even if it takes the clever hacker
a while to figure that out.
the best solution i can think of is to have a completely random password
on each machine, or better yet make root a member of the gold star club
(can you you even do that?), and then provide root access via logged and
authenticated public key methods. while you're at it, if security is a
Really Big Deal, you'll have a different private key for each machine,
and these keys would be locked in the same physically secured location
as where you'd have put the list of all the master passwords, such that
if someone wanted root access they'd need a real key. of course this
makes remote administration a bit harder, but then again if security's
that big of a deal you don't remotely administer in the first place ;)
> Again, it's clearly less secure than 100 random passwords on 100
> hosts. But it's more secure than 1 password on 100 hosts, since in that
> case the "keyspace to be searched" contains only one element.
well it depends on your opinion. if the Bad Guys' goal were to break into
all your machines, yes. If their goal were to break into a single machine,
i'd disagree. of course then this touches on whether or not every machine
is equally secure (like, say one is running a bunch of net-reachable
services and the others reachable via ssh on the internal network and the
previous machine is on that network), but if this is really a concern,
you could be applying the above method, or perhaps something better.
sean
msg17069/pgp00000.pgp
Description: PGP signature
