|
-
October 18th, 2004, 06:21 AM
#12
I'm still seeing that password authentication method and encryption method implement security thru obscurity in more general/loose term. Passwords can be sniffed and/or brute-forced. Ditto with encryption.
I think I'll still use some security thru obscurity efforts, combined with IDS and logging, in an early warning/action system. But of course I won't rely on that as my sole protection.
[ Borrowing chsh's example of remote door locks, the vendor should develop a scanning detector which disables the lock (ignoring unlock request) for a given period (say 5 minutes) if it detects such scanning. One could argue that the thief would increase the delay between frequency broadcasts to avoid detection. And I would say he'd better be very patient as he may need to spend some time doing it before the owner comes and forces him find another victim. And so on, and so on. ]
Well, I believe I've got the answers I need. Thank you all.
edit: I'm sorry for being stubborn  (see my sig).
Peace always,
<jdenny>
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote