lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.6.66.0301231317550.16538-100000@www.nmrc.org>
From: hellnbak at nmrc.org (hellNbak)
Subject: Lock business practices "security-by-obscurity"
 for 150 years

On Thu, 23 Jan 2003, Georgi Guninski wrote:


> Richard, you seem to be smoking something bad today.
> If you look at your trollish analogy, from the quote above you will see that
> such problems are disclosed "in locksmith trade journals" at least.
> And who cares if micro$osft relies on obscurity?
>

Georgi, you are letting your immature hatred for Microsoft cloud your
vision, but what else is new.  Yes, this issue has been known for 150
years by locksmiths and they didn't understand the security risks or they
did and didn't care because they didn't think that anyone else would know
about it.  But, as with most things this wasn't the case.  Others, outside
of the locksmithing industry no doubt knew about this as well.  With no
one in the locksmithing industry running out and telling anyone this
would have made a nice little secret to hang on to.

So yes, this was security through obscurity.  Without public disclosure
there would be little motivation for lock companies to retool and create
better locks.

 --
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ