Path: utzoo!mnetor!uunet!husc6!bbn!rochester!PT.CS.CMU.EDU!andrew.cmu.edu!jk3k+
From: jk3k+@andrew.cmu.edu (Joe Keane)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID:
Date: 8 Mar 88 19:52:43 GMT
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM>, <1988Mar2.235819.18983@utzoo.uucp>
Organization: Carnegie Mellon University
Lines: 25
In-Reply-To: <1988Mar2.235819.18983@utzoo.uucp>

In article <1988Mar2.235819.18983@utzoo.uucp>, henry@utzoo.uucp (Henry Spencer) writes:
> This is true but irrelevant, since perfection is not available.

Something doesn't have to be absolutely useless to be a waste of time. Only not very useful.

> Only if E1 >> E2 or vice-versa. If they are of the same order of magnitude,
> then E1+E2 does approximate 2*max(E1, E2) and abandoning one of them does
> reduce security significantly.

A factor of two is `significant'? So if we add one bit to DES (don't ask how) it will be `significantly' more secure? I disagree.

> True. However, a system in which an intruder must bypass 2 or 3 effective
> but not perfect security mechanisms *is* much harder to penetrate than a
> system with only one such mechanism.

Again, if he can crack one, he can crack two.

> The best we can do is to put as many obstacles in the intruder's
> path as possible, in hopes that the effort needed to overcome them all will
> discourage him enough to make him go somewhere else.

If your security is based on `discouraging' an intruder, it doesn't sound very strong. You should assume the intruder is trying to crack _your_ system.

--Joe