lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00e101c2c31d$9af34fa0$180a10ac@spidynamics.com>
From: kspett at spidynamics.com (Kevin Spett)
Subject: Lock business practices "security-by-obscurity" for 150 years

Yes, but the real question here still remains:

What is Richard smoking and where can I get some of it?



Kevin.
----- Original Message -----
From: "hellNbak" <hellnbak@...c.org>
To: "Georgi Guninski" <guninski@...inski.com>
Cc: "Richard M. Smith" <rms@...puterbytesman.com>;
<full-disclosure@...ts.netsys.com>
Sent: Thursday, January 23, 2003 2:38 PM
Subject: Re: [Full-Disclosure] Lock business practices
"security-by-obscurity" for 150 years


> On Thu, 23 Jan 2003, Georgi Guninski wrote:
>
>
> > Richard, you seem to be smoking something bad today.
> > If you look at your trollish analogy, from the quote above you will see
that
> > such problems are disclosed "in locksmith trade journals" at least.
> > And who cares if micro$osft relies on obscurity?
> >
>
> Georgi, you are letting your immature hatred for Microsoft cloud your
> vision, but what else is new.  Yes, this issue has been known for 150
> years by locksmiths and they didn't understand the security risks or they
> did and didn't care because they didn't think that anyone else would know
> about it.  But, as with most things this wasn't the case.  Others, outside
> of the locksmithing industry no doubt knew about this as well.  With no
> one in the locksmithing industry running out and telling anyone this
> would have made a nice little secret to hang on to.
>
> So yes, this was security through obscurity.  Without public disclosure
> there would be little motivation for lock companies to retool and create
> better locks.
>
>  --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> "I don't intend to offend, I offend with my intent"
>
> hellNbak@...c.org
> http://www.nmrc.org/~hellnbak
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ