[Info-vax] What to do with my VAX.....

[Arne Vajhøj]

On 11/12/2020 10:25 AM, Bill Gunshannon wrote:
> On 11/11/20 10:40 PM, Dave Froble wrote:
>> On 11/11/2020 9:12 PM, Bill Gunshannon wrote:
>>> On 11/11/20 8:54 PM, Dave Froble wrote:
>>>> On 11/11/2020 6:56 PM, Alexander Schreiber wrote:
>>>>> seasoned_geek <roland at logikalsolutions.com> wrote:
>>>>>> ALL
>>>>>> ENCRYPTION is security by obscurity. Period.
>>>>>
>>>>> Thus proving nicely that you know _absolutely_ nothing about 
>>>>> encryption.
>>>>> You imight want to read up on Kerckhoff's principle for starters.
>>>>
>>>> Well, I wouldn't be so quick to dismiss that statement.
>>>>
>>>> Isn't not knowing a solution a form of obscurity?  Otherwise, if one
>>>> knows the key, then there is no security, right?  So not knowing the
>>>> key is sort of "security by obscurity"?
>>>>
>>>> There have been multiple instances in the past of codes being broken
>>>> and harmful affects because of that.  The Japanese code in WWII?
>>>>
>>>> What is a "secret key", other than "unknown data"?  Can such a key be
>>>> guessed?  Unlikely.  But possible.
>>>>
>>> Guess it depends on which part of ENCRYPTION you are talking about.
>>> The entire algorithm for the Unix Password encryption is documented
>>> and available for anyone who wants to read it.  No obscurity involved
>>> at all.  Let me know when you figure out how to reverse the encryption
>>> for any password.  Brute force doesn't count.
>>
>> But, it would be possible, however very unlikely, to guess?  Or is 
>> that considered "brute force"?
> 
> More likely that would be considered HUMINT.
> 
> But if you are going to use that kind of an argument than it can be
> equally applied to everything.  VMS isn't secure because it is possible,
> no matter how unlikely, that someone can breach it.

If you go to the login prompt and enter SYSTEM for username and
some random password, then there is some probability (extremely small,
but greater than zero) that the first guess on password will work.

Arne