Date: Wed, 22 Apr 1998 08:31:27 -0700 From: Mike Smith <mike@smith.net.au> To: Peter Jeremy <Peter.Jeremy@alcatel.com.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Using MD5 insted of DES for passwd ecnryption Message-ID: <199804221531.IAA00455@antipodes.cdrom.com> In-Reply-To: Your message of "Wed, 22 Apr 1998 15:53:24 %2B1000." <199804220553.PAA03826@gsms01.alcatel.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> > The more objects that need protecting, the more likely one is overlooked, > allowing the system to subverted. Until you got to this point, you weren't doing too badly. Unfortunately, your assertion is unsupported (and effectively unsupportable). But it's popular nonetheless because it strikes a chord with people that think of system security like they would think of guarding something physical. Once you are certain you can secure a single file, you can secure any set of files. Securing these files is a once-off process - you don't have to march back and forth around them warding off intruders, so the only effect of having more of them is the extra time taken to secure them in the first place. If the securing process is automated, and scrutinised suitably, this is something that can be reduced to almost zero cost. Given that there are already compromise targets which are linked shared, I think the whole point is pretty frivolous. -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804221531.IAA00455>