Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!romp!auschs!awdprime!testsys.austin.ibm.com!mbrown
From: mbrown@testsys.austin.ibm.com (Mark Brown)
Newsgroups: comp.org.eff.talk
Subject: Re: Should we let students run COPS to get each other's passwords?
Message-ID: <8508@awdprime.UUCP>
Date: 15 Jun 91 16:10:19 GMT
References: <1991Jun15.024453.17639@redsox.bsw.com> <1991Jun13.042115.16845@athena.cs.uga.edu> <1991Jun14.053131.753@metapro.DIALix.oz.au> <1991Jun14.193545.24869@athena.cs.uga.edu>
Sender: news@awdprime.UUCP
Reply-To: mbrown@testsys.austin.ibm.com (Mark Brown)
Lines: 40

campbell@redsox.bsw.com (Larry Campbell) writes:
| mcovingt@athena.cs.uga.edu (Michael A. Covington) writes:
| ->Running a guesser is not breaking confidentiality. If I guessed that
| -Balderdash.  Information obtained by trial-and-error is still information!
| 
| Excuse me, but are we all speaking *English* here, or some new language with
| which I am not familiar?  "Obtaining information" is not a breach of
| confidentiality.  To violate a confidence, there must first *be* a confidence
| to be violated.  A confidence exists when person A gives person B some
| information, person B having agreed -- either implicitly or explicitly --
| to keep the information to himself.

Yup. And I'll maintain the "B", being a user on the system, agreed implicitly
to maintain confidentiality.

| Posting your "confidential information" in encrypted form in a public place
| hardly constitutes a confidence.  *You* may regard the information as
| confidential, but there is no second party -- no person B -- who has agreed
| not to violate the confidence.  Any confidentiality is entirely a figment of
| your imagination.

Nope. "B", a user on the system, has a responsibility to that system.

| If you don't like it, then either don't post your encrypted secrets (i.e.,
| use a shadow password file), or get a better encryption algorithm.  But
| don't go persecuting the curious and clever students who find the puzzle
| challenging!!!

I'll prosecute any of the "curious and clever" who find the locks to my
front door (locked or unlocked) a "challenging puzzle".

I'll also "persecute" users of my systems who try to subvert the security of
that system without my permission. That security isn't there as a "puzzle",
fool.


DISCLAIMER: My views may be, and often are, independent of IBM official policy.
Mark Brown       IBM PSP Austin, TX. |     Crazed Philosophy Student
(512) 823-3741   VNET: MBROWN@AUSVMQ |   Kills 15 In Existential Rage!
MAIL: mbrown@testsys.austin.ibm.com  |                      --tabloid headline