[Info-vax] Some SEARCH commands

Mark Berryman mark at theberrymans.com
Fri Mar 1 13:47:57 EST 2019 

On 3/1/19 10:40 AM, Bill Gunshannon wrote:
> On 3/1/19 12:27 PM, Mark Berryman wrote:
>> On 3/1/19 1:25 AM, Simon Clubley wrote:
>>> On 2019-02-28, Mark Berryman <mark at theberrymans.com> wrote:
>>>> On 2/27/19 4:39 PM, Simon Clubley wrote:
>>>>> On 2019-02-27, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>>>>>
>>>>>> Search your various OpenVMS storage devices...
>>>>>>
>>>>>> $ SEARCH /NOWARN ddcu:[*...]*.* "::"""
>>>>>>
>>>>>> if files have currently or previously been stored in a DVCS or to 
>>>>>> some
>>>>>> other archive, also search that.
>>>>>>
>>>>>> If you've found any matches to the SEARCH commands, might then 
>>>>>> want to
>>>>>> ponder how easy it was to find what you just found.
>>>>>>
>>>>>> Might also want to ponder the last time what you found was 
>>>>>> changed.  If
>>>>>> it's ever been changed.  And ponder who knows about it.
>>>>>>
>>>>>> And as a chaser to all that pondering, ponder that what you just 
>>>>>> found
>>>>>> can (also) be broadcast across your network.
>>>>>>
>>>>>
>>>>> And while you are all pondering this, also ponder that if you try
>>>>> fixing the problem by using proxies instead of hardcoded passwords
>>>>> then you are very likely to make your system _LESS_ secure and not
>>>>> more secure.
>>>>
>>>> Eh?  Not in any configuration I have ever used.
>>>>
>>>
>>> So where exactly is the shared secret support in DECnet Phase IV ?
>>
>> I don't need a shared secret to make the use of proxies MORE secure 
>> than not using them.
>>
> 
> A barrel bolt on my front door is more secure than leaving the door
> wide open, but I certainly wouldn't call it security.  More secure
> than not using them does not imply any they offer any form of real
> security.

Security, by its nature, is incremental.  Closing your door is more 
secure than leaving it open.  Adding a good lock is more secure than 
simply closing the door.  Adding a security door as a replacement for 
your screen door is more secure still.  Etc.

Any viable step one takes to add security is helpful.  Here, I was 
simply pointing out that there are ways to use DECnet proxies to make 
your DECnet network more secure, contrary to Simon's claim.  Among other 
things, he claims that DECnet doesn't support shared secrets, which is 
false (and I should have addressed that in my previous reply).  In 
DECnet, they are called Routing Initialization Passwords and, if 
configured, they must be exchanged before two nodes will communicate via 
DECnet.  Now, whether these are sent in the clear or as a hash I no 
longer remember, but this is a concern only if your network layer is, 
itself, in the clear.

Mark Berryman

More information about the Info-vax mailing list