From: Robert Withrow
To: Matt Dillon
Cc: Seth, Vivek Khera, stable@FreeBSD.ORG
Subject: Re: adding "noschg" to ssh and friends
Date: Tue, 29 May 2001 19:27:18 -0400
Message-Id: <200105292324.TAA73334@ns1.rwwa.com>
In-Reply-To: Your message of "Tue, 29 May 2001 16:15:24 PDT." <200105292315.f4TNFOu31573@earth.backplane.com>

dillon@earth.backplane.com said:
:- Putting on my security hat... no. All you are doing is forcing
:- the hacker to use some more obscure and possibly less detectable way
:- to compromise the machine. So, in fact, you could be making the
:- problem *worse*.

Maybe your security hat needs cleaning?

The whole game is played by raising the cost of hacking. Using your theory, we should eliminate all passwords. *Then* we'd be pretty sure no hacker would trouble himself by using any obscure hacking methods. (Of course, that would be like windows, wouldn't it?)

No system is un-hackable. But a prudent person raises the cost of hacking the system (read that as raising the difficulty) so that it is larger than the expected gain of hacking the system. That is the best you can do.

---------------------------------------------------------------------
Robert Withrow, R.W. Withrow Associates, Swampscott MA, witr@rwwa.COM