Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 Apr 1998 08:31:27 -0700
From:      Mike Smith <mike@smith.net.au>
To:        Peter Jeremy <Peter.Jeremy@alcatel.com.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Using MD5 insted of DES for passwd ecnryption 
Message-ID:  <199804221531.IAA00455@antipodes.cdrom.com>
In-Reply-To: Your message of "Wed, 22 Apr 1998 15:53:24 %2B1000." <199804220553.PAA03826@gsms01.alcatel.com.au> 

next in thread | previous in thread | raw e-mail | index | archive | help
> 
> The more objects that need protecting, the more likely one is overlooked,
> allowing the system to subverted.

Until you got to this point, you weren't doing too badly.

Unfortunately, your assertion is unsupported (and effectively 
unsupportable).  But it's popular nonetheless because it strikes a 
chord with people that think of system security like they would think 
of guarding something physical.

Once you are certain you can secure a single file, you can secure any 
set of files.  Securing these files is a once-off process - you don't 
have to march back and forth around them warding off intruders, so the 
only effect of having more of them is the extra time taken to secure 
them in the first place.

If the securing process is automated, and scrutinised suitably, this is 
something that can be reduced to almost zero cost.

Given that there are already compromise targets which are linked 
shared, I think the whole point is pretty frivolous.
-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804221531.IAA00455>