On Wed, Mar 15, 2000 at 11:07:21PM +0100, Michael Thaler wrote:
> I do not understand this discussion. Perhaps someone could help me. It
> is a long established practice with Linux and other Unices not to tell
> users who want to log in if their username is valid or not or if the
> password is wrong. The advantage of this method is that a user cannot
> guess login names by simply trying out different names.
>
> The HURD tells you if the username is right or wrong. It does not
> use the Linux mechanism.
>
> So can someone please tell me, what is the advantage of telling a
> user that the login is wrong and not simply telling a user that the
> login or the password is wrong?
I will try to explain one more time.

Imagine someone screws off his name sign from his front door. You ask him why, and he says: "So people who want to break in my house don't know where I live." But now people who want to talk to him or send him a letter don't know where to send it to. So he has a postbox in the post office (P.O. it is called, I think). Now you just have to reach him to get the P.O. number...

In short, you are making it a little harder for the bad guys at the cost of making it a lot harder for the good guys. Without achieving a lot, because the bad guys usually don't look at the name signs anyway; they have better ways to find out what they want.

This analogy lacks, but it drives the main point across, I think.

Security is achieved by two things: having a security model and following it. The security model should effectively protect the critical information (secret keys, passwords), and not rely on anything else. For your security model you MUST assume that the cracker can get hold of ALL information that is available through him by any means that you don't have direct control over (scanning ports, asking secretaries and coworkers, etc).

On a standard Unix box, you have direct control over your password, and nothing else. Give away your password, and you lose. Give away anything else, and you don't lose. (If the password mechanism is worth its name.)

> I think there is no advantage in telling a user, that the login is
> wrong.

Well, I think there is. For example if you don't remember exactly what the login=email of someone was, and you want to try two or three variants. A very weak reason, I might add. More important is that there is no disadvantage either.

Thanks,
Marcus

--
`Rhubarb is no Egyptian god.'
Marcus Brinkmann  [EMAIL PROTECTED], [EMAIL PROTECTED]
Debian http://www.debian.org  GNU http://www.gnu.org
Check key server for public PGP key, PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/  [EMAIL PROTECTED]
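As an added illustration that is not part of the original thread, here is the "Linux mechanism" Michael describes, written as a small login check: one version reports separately whether the username or the password was wrong, the other returns a single generic failure and does the same password-hashing work for unknown and known usernames so that neither the message nor the response time tells the two cases apart. The user store, salts and passwords are constructed sample data.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-SHA256 of the password; the iteration count is a sample value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: username -> (salt, stored hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential used for unknown usernames so that the hashing step
# always runs, keeping the unknown-user path as slow as the known-user path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("unused-placeholder", _DUMMY_SALT)

GENERIC_FAILURE = "Login incorrect"


def login_leaky(username: str, password: str) -> str:
    """Tells the caller whether the username exists (the behaviour under debate)."""
    if username not in USERS:
        return "No such user"            # reveals that the name is invalid
    salt, stored = USERS[username]
    if hmac.compare_digest(_hash(password, salt), stored):
        return "OK"
    return "Wrong password"              # reveals that the name is valid


def login_uniform(username: str, password: str) -> str:
    """Same answer, and same amount of work, whether or not the username exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    # The dummy hash can never grant access, even if it happened to match.
    if ok and username in USERS:
        return "OK"
    return GENERIC_FAILURE


if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", "wrong"), ("bob", "wrong")]:
        print(f"{user:6} leaky={login_leaky(user, pw)!r:18} uniform={login_uniform(user, pw)!r}")
```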

