List Archive: gentoo-security
Stewart Honsberger wrote:
> I don't send anything back to any unexpected port probes because I don't
> want to.
> Sure, to some extent it is security through obscurity, but the old
> adage isn't entirely correct. If not for security through obscurity
> we'd all have our PIN numbers sharpie'd on our ATM cards.
Actually, keeping my PIN secret isn't security through obscurity.
The idea of security without obscurity focuses on keeping the number of
secrets at an absolute minimum. Systems designed around security through
obscurity tend to rely on the secrecy of certain procedures or
algorithms - once these are discovered by third parties, the security of
the system has been reduced.
Moving back to the PIN/ATM example:
Ideally, your PIN should be the ONLY secret involved - the encryption
algorithms and communication protocols could all be public. In the real
world, this isn't feasible (e.g. ATMs do not authenticate themselves to
the card holder. If the algorithms and protocols were public, someone
could theoretically construct a trojan ATM and collect people's PINs and
P.S. It's a PIN, not a Personal Identification Number (PIN) Number :-)
Sorry, but it's one of my pet hates (just like Automatic Teller Machine