Newsgroups: sci.crypt
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Unix Password Hacker
Message-ID: <1988Mar13.041453.15214@utzoo.uucp>
Organization: U of Toronto Zoology
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM>
Date: Sun, 13 Mar 88 04:14:53 GMT

> ... if he can crack one, he can crack two.

Requiring, one hopes, twice as much effort.  That's the point.

> > The best we can do is to put as many obstacles in the intruder's
> > path as possible, in hopes that the effort needed to overcome them all will
> > discourage him enough to make him go somewhere else.
> 
> If your security is based on `discouraging' an intruder, it doesn't sound very 
> strong.  You should assume the intruder is trying to crack _your_ system.

Pray tell, what *else* should we base our security on?  There is no such
thing as perfect security; that is not even theoretically possible.  Given
that, the *only* thing we can do is try to make penetration as difficult
as possible, in hopes that the intruder will give up or be detected before
he can get through.
-- 
Those who do not understand Unix are |  Henry Spencer @ U of Toronto Zoology
condemned to reinvent it, poorly.    | {allegra,ihnp4,decvax,utai}!utzoo!henry