Xref: utzoo alt.security:761 comp.protocols.tcp-ip:11562
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F. Haugh II)
Newsgroups: alt.security,comp.protocols.tcp-ip
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <18376@rpp386.cactus.org>
Date: 5 Jun 90 21:31:52 GMT
References: <6703@blake.acs.washington.edu> <1990Apr20.192233.4092@utzoo.uucp> <1990Apr21.222928.24498@Solbourne.COM> <1990Jun5.002739.16450@pegasus.com>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 14
X-Clever-Slogan: Recycle or Die.

In article <1990Jun5.002739.16450@pegasus.com> richard@pegasus.com (Richard Foulk) writes:
>"Security-through-obscurity" certainly isn't great. But I haven't seen
>or heard of any evidence that it's totally useless.

The most common example of "Security Through Obscurity" is hiding
the password encryption algorithm. Read "Password Management
Guidelines" from the NCSC [ or DoD ] [ it is one of the green books
in the rainbow series ] for information on why this is a bad idea.

Other "obscurity" techniques have similar problems.
-- 
John F. Haugh II                             UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832                           Domain: jfh@rpp386.cactus.org
Proud Pilot of RS/6000 Serial #1472