On 10/15/2014 10:17 AM, The Wanderer wrote:
> On 10/14/2014 at 03:28 PM, Jerry Stuckle wrote:
> 
>> On 10/14/2014 12:03 PM, Tanstaafl wrote:
>>
>>> On 10/14/2014 11:17 AM, Jerry Stuckle <jstuc...@attglobal.net>
>>> wrote:
> 
>>>> Wrong on two counts.  First of all, the false notion "Security
>>>> through obscurity *never* works".  This has nothing to do with
>>>> security.
> 
>>>> And BTW, that statement is also wrong - why do you think people
>>>> are encouraged to use obscure passwords if it doesn't work? But
>>>> that's another subject.
>>>
>>> Lol! Not even in the same ballpark, Jerry. Passwords, by their
>>> very nature, are intended to be difficult/impossible to 'guess'.
>>>
>>> To suggest that this is even in the same universe as 'security
>>> through obscurity' is ludicrous.
>>
>> Then what is that if it isn't "obscurity"?
> 
> "Security by obscurity" isn't "no one knows the password" or "no one
> knows the account name"; it's something more like "no one knows there's
> a place to enter an account name or a password".
>

You're limiting it too much.  From Dictionary.com:

obscurity
noun, plural obscurities.
1. the state or quality of being obscure.
2. the condition of being unknown:
...

A complex password is, by definition, obscure according to #2.  An
easily guessable password is not obscure, nor is it secure.


> It isn't "no one knows how to unlock the door"; it's "no one knows where
> the door is", or even closer, "no one knows that there even is a door".
>

See above.

> (There's a mall near where I live which has an out-of-the-way door which
> is never locked at any hour, and which does not appear to be covered by
> security cameras. As far as I can tell, the after-hours security there
> relies entirely on the fact that the general public does not know the
> door exists. That's security by obscurity.)
>

That's one example.

> I'm not entirely positive on which side of that distinction this
> situation falls, overall. Keeping passwords secret is definitely not
> "security by obscurity", but concealing the fact that a given account
> exists may arguably be.
> 

See above.

Jerry

