Posted by The Natural Philosopher on 10/22/07 11:55
Gary L. Burnore wrote:
> On Mon, 22 Oct 2007 01:49:44 +0100, The Natural Philosopher <a@b.c>
> wrote:
>
>> Jerry Stuckle wrote:
>>> The Natural Philosopher wrote:
>>>> Jerry Stuckle wrote:
>>>>> The Natural Philosopher wrote:
>>>>>> Jerry Stuckle wrote:
>>>>>>
>>>>>>> Security is not about prevention, just like there is no way to
>>>>>>> prevent someone from breaking into your home. There is no such
>>>>>>> thing. What it is is about identifying undesired ways of accessing
>>>>>>> your files and limiting the effect of exposure. It's just like
>>>>>>> locking your valuables in a bank vault to limit your exposure if
>>>>>>> someone breaks into your house.
>>>>>>>
>>>>>> It may go no further than simply living quietly, so that no one
>>>>>> knows or cares where you live, and never looking like you have
>>>>>> anything worth stealing.
>>>>>>
>>>>>>
>>>>> Nope. Security by obscurity is no security at all.
>>>>>
>>>> Oh, indeed it is.
>>>>
>>> Not at all. It is false security.
>>>
>> It works.
>> Call it what you like, it works.
>>
>> That's why passwords should not be on a dictionary search. Be obscure.
>
> That's prevention. Obscurity is hiding and hoping no one notices you
> don't have a password.
No, it is not prevention. All passwords can be cracked.
The secret is to make the password secret. AND obscure, so that scanning
every password in the dictionary doesn't result in a match.
No different from scanning every port in a machine, or every machine on
the internet.
And the robots do not do this anyway: looking at my firewall reveals
that a very few ports are occasionally probed. No one has done a
systematic scan on it. It's been up with a public website for over a year now.