
BLU Discuss list archive



[Discuss] Security through obscurity



--On Wednesday, March 27, 2013 8:47 PM -0400 Tom Metro 
<tmetro+blu at gmail.com> wrote:

> This is exactly my point...it's a spectrum of complexity, without a
> crisp delineation between what is obscurity and what is secret.

Either a password is a secret (known to authorized personnel) or it isn't. 
That's not a "spectrum of complexity". It's a yes/no fact.

> You could, if you so desired, have a port knocking client that
> translated a pass phrase with 40+ bits of strength into a knock
> sequence. Now is this a secret or is it still just obscure?

In principle it's a secret. In practice 25 years ago it would have been 
considered a secret since exhaustive search of a 40-bit keyspace was 
considered to be prohibitively costly. In practice today an exhaustive 
search of a 40-bit keyspace takes about 3 seconds.

> Obscure, in most security contexts, is just a synonym for weak strength.
> What you consider to be weak is subjective, and relative to the threat
> scenarios.

Obscure, in serious security contexts, is synonymous with NO strength 
regardless of threat scenarios.


> If you find it so, then good for you. Others consider it useless noise,
> and it detracts from more valuable signals.

Anyone who thinks that way hasn't figured out how to use the tools they 
have or hasn't switched to using tools that do what is needed.

-- 
Rich P.
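To make the "pass phrase into a knock sequence" idea from the thread concrete, here is an added example (not code from either poster) that derives a knock sequence from a passphrase with PBKDF2 and computes how many bits of strength the sequence itself can carry. The port range, the salt, the iteration count and the guess rate are assumptions chosen for the demo.

```python
import hashlib
import math

# Assumed range of ports a knock daemon would listen on (constructed value).
PORT_RANGE = (1024, 65535)
DEMO_SALT = b"knock-demo-salt"  # constructed; a real deployment uses a random salt


def knock_strength_bits(seq_len, port_range=PORT_RANGE):
    """Entropy of a uniformly random knock sequence: log2(n_ports ** seq_len)."""
    n_ports = port_range[1] - port_range[0] + 1
    return seq_len * math.log2(n_ports)


def passphrase_to_knock(passphrase, seq_len, port_range=PORT_RANGE):
    """Deterministically map a passphrase to a knock sequence via PBKDF2-HMAC-SHA256.

    Four derived bytes per port make the modulo bias negligible."""
    n_ports = port_range[1] - port_range[0] + 1
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              DEMO_SALT, 100_000, dklen=4 * seq_len)
    return [port_range[0] + int.from_bytes(key[4 * i:4 * i + 4], "big") % n_ports
            for i in range(seq_len)]


def effective_bits(passphrase_bits, seq_len, port_range=PORT_RANGE):
    """A derived sequence is no stronger than its weakest link: the passphrase
    entropy or the sequence's own keyspace, whichever is smaller."""
    return min(passphrase_bits, knock_strength_bits(seq_len, port_range))


def exhaustive_search_seconds(bits, guesses_per_second):
    """Worst-case time to enumerate a keyspace of the given size at an assumed rate."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    seq = passphrase_to_knock("correct horse battery staple", 3)
    print("knock sequence:", seq)
    print("3-port sequence capacity: %.1f bits" % knock_strength_bits(3))
    print("effective with a 40-bit passphrase: %.1f bits" % effective_bits(40, 3))
    # Assumed rate of 1e9 guesses/s, purely to show the scale of a 40-bit search.
    print("40-bit exhaustive search at 1e9/s: %.0f s" % exhaustive_search_seconds(40, 1e9))
```

The point the thread is making falls out of the numbers: a three-port knock can in principle hold about 48 bits, but a 40-bit passphrase caps the whole scheme at 40 bits, and the search cost of a 40-bit keyspace is measured in seconds or minutes at modern guess rates.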



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.



