Open Source and information security mailing list archives
 
From: crypto at clouddancer.com (Aron Nimzovitch)
Subject: Vulnerability Disclosure Debate

   Date: Fri, 8 Aug 2003 10:33:31 -0700 (PDT)
   From: "Gary E. Miller" <gem@...lim.com>
   Cc: full-disclosure@...ts.netsys.com

   >    http://www.mas-hamilton.com/x08.html
   >
   > Hehe, that is probably the same mechanical system that Feynman broke
   > over 50 years ago.  Looks the same as what I once used and it is still
   > mechanical.  Takes a couple of hours without any clues to the initial
   > number.

   Try reading the web page a bit before commenting on it.  You will see

Hi clueless, yup I read that.  Guess you have NEVER used one and thus
are TOTALLY unaware of "human-usability" modifications that reduce the
security of all combo lock systems.  It's known as 'slop' and familiar
to anyone dialing these locks many times a day, in my case for 13
years.  As someone noted earlier, "employees" are a hacker's best
friend.

   it LOOKS like the old style mechanism, but is really electronic.  Only
   wires pass from the outside of the safe to the inside.  No batteries,
   all the power comes from spinning the dial.  Everything controlled with
   a little CPU.  The numbers are not on the dial, they are displayed on a
   limited viewing angle LCD.

Oh yes, the old "It's new, it MUST be better" thinking...bet you think
that the more a product costs, the better security it provides too.
Plus I see evidence of "it's on a webpage, everything must be true!"
thinking, tsk-tsk.

   All numbers must be entered in 10 seconds, so no "day locking" like in
   Feynman's days.  This is certainly not your father's lock.

10 seconds was a lifetime to Feynman's fingers.  Read the story of
Feynman's cracking, the full story, covers many pages.  Learn all the
failings of these systems and what happens to people that "Fully
disclose" said failings.  You'll find little has changed in the world
in 50 years. Hmm, come to think of it, I remember the fun I had
opening a secure area one day to retrieve something, thanks for the
memory.


