lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6.0.1.1.0.20041222132649.02c6c4e8@mail.stdnet.com>
Date: Wed, 22 Dec 2004 13:39:52 -0600
From: "Jonathan G. Lampe" <jonathan.lampe@...ndardnetworks.com>
To: Adam Shostack <adam@...eport.org>,
	"D. J. Bernstein" <djb@...yp.to>
Cc: bugtraq@...urityfocus.com
Subject: stick with "anonymous" or "authenticated" when describing
  attacks


At 11:27 AM 12/22/2004, Adam Shostack wrote:
>I've long advocated 'credentialed' to refer to attacks where a user of
>the system can execute the attack, and 'anonymous' or
>'non-credentialed' to refer to refer to attacks on servers, such as
>httpd, ftpd, or named.

The word "authenticated" already has the meaning of what I think you were 
trying to express with "credentialed"; "authenticated" means that a user 
has already presented credentials of some kind (username, password, PIN, 
key, cert, token, etc.), that those credentials were accepted and that the 
user enjoyed a different level of privilege than mere "anonymous" users.

The term "credentialed" suggests that a user has been issued credentials of 
some kind, but that he/she may or may not have used them to authenticate to 
a restricted resource.  (The term "credentialed" is similar to the word 
"ticketed".)

So...I'd stick with "anonymous" or "authenticated" when describing attacks 
on servers.

-jgl

******************* PLEASE NOTE *******************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ