On Thursday 12 Jan 2012 14:06:26 Alan McKinnon wrote:
> On Thu, 12 Jan 2012 08:58:02 -0500
>
> Tanstaafl <tansta...@libertytrek.org> wrote:
> > But I still disagree. Would you also classify 'changing the locks on
> > your house' as security through obscurity? Because changing the
> > character set in PWM is just like changing the lock on a door...

Changing locks (with the same number and quality of locks) is as good as not changing locks at all - unless some burglar happens to be halfway through unpicking the current door lock mechanism.

Changing locks with a higher quality lock (i.e. one with more levers in it) is like increasing the number of characters in your password. If the new levers are from a different 'character set' (different design class/pattern of lock levers) then it would be more difficult for the burglar to guess what these levers might look like (sort of adding more entropy - the levers would appear to be more random) and he'll have to try all combinations of levers.

The addition of levers (or locks of the same design) is called protection through redundancy. If one falls into the hands of a skilled cracker, the second should present the *same* level of protection. So we are essentially increasing the time it will take to crack the locks, and thankfully the burglar's time is a limited resource.

If on the other hand we add an entirely different *means* of protection - e.g. a guard dog - then we are increasing the level of protection not through redundancy, but through diversity. This means that systemic weaknesses of door lock lever design can be compensated for in our door protection system. Systemic weaknesses are important because they can be guessed (like which side of the qwerty keyboard the uber-geek typed his password) and so give the burglar a smaller set of solutions to try. There's no point in a burglar trying to guess how many or what type of levers a guard dog has. Indeed, his skills and resources at picking locks are now irrelevant - he's got to be a skilled dog whisperer too!

We could think of the change of the port of sshd like adding redundancy protection, but we don't really. In reality we are adding (a very low degree of) diversity. This is because we're hiding the door of our hypothetical house. However, in doing so we're giving away the wrong signal to a non-opportunistic burglar. Since every other house door in the street is not hidden, we are subliminally telling the burglars: "Hey! We have something worth hiding in this house." Then they'll set off picking the locks of our door, instead of the doors down the road.

From a probability perspective though we are better off changing the sshd port, because all the opportunistic (botnet) burglars who just check port 22 will miss our door and never bother us.

A strong security system will have both redundancy and diversity in its design. As an example, an IPSec VPN setup which uses both SSL Certificates and XAuth with a long and random passphrase does just that.

-- 
Regards,
Mick