On 2012-01-12 8:03 AM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
On Thu, 12 Jan 2012 06:30:03 -0500 Tanstaafl wrote:
On 2012-01-11 5:51 PM, Alan McKinnon<alan.mckin...@gmail.com> wrote:
yes, I know it's really just security by obscurity in disguise but I
still like it.
Actually, I disagree vehemently that it is 'security through
obscurity'...
I'd disagree with your disagreement.
There's two usages of the phrase, the first is very disparaging and the
second is simply descriptive. I'm using the second meaning.
Changing the ssh port (and even crypto keys on DVDs) is just a
brain-dead approach, we agree on that. We rightfully rip a new one to
people advocating doing this.
Changing the character set; well that's quite clever actually. You have
a decent security strength underneath it and add an extra layer to
increase the entropy even more (sort of like salting a hash). If an
attacker figures out you're doing it, it won't be hard to undo it, then
only to be faced with a *much* harder problem.
So it's just a description, not an insult. Don't read it as such
Oh, I didn't, I did catch the 'but I still like it', sorry if my reply
made it sound like I was insulted ;)
But I still disagree. Would you also classify 'changing the locks on
your house' as security through obscurity? Because changing the
character set in PWM is just like changing the lock on a door...
