[Info-vax] What to do with my VAX.....

Fri Nov 20 10:46:42 EST 2020

On Monday, November 16, 2020 at 2:38:46 AM UTC-6, Phillip Helbig (undress to reply) wrote:
> In article <rot4rj$onr$1... at dont-email.me>, Dave Froble
> <da... at tsoft-inc.com> writes: 
> 
> Right. I think that folks here understand. However, the term "security 
> by obscurity" has a very specific meaning, and it is confusing to use it 
> to mean something else. 

No. The term "security by obscurity" currently has an obsolete definition. Technically it has always had an obsolete definition, even from day one. You can journey through all of the encryption methods that "would take a super computer years to crack" which are now no longer used because they are child's play. According to some computer history sites a Cray-1 could do 160 MIPS. An i7 920 (Quadcore) can do 82,300 MIPS. According to Wikipedia (not a reliable source) https://en.wikipedia.org/wiki/List_of_Intel_Core_i7_microprocessors  it was released in November 2008.

I have yet to find _any_ encryption method which was not relying on the size of the forest one wanted to hide a tree in.
I have yet to find a champion of said methods who doesn't believe the hacker has to have everything to get my one message.

Those are both very outdated modes of thinking.

When one does the math: considering a 6+ million BOT-NET of i7 920 or above computers (given their age, not unreasonable) You could even go back to 4th gen i5 if you want. https://ark.intel.com/content/www/us/en/ark/products/series/75024/4th-generation-intel-core-i5-processors.html all running at the don't notice it pace of processing 1 packet per hour containing 100 passwords to generate output from and the single SALT to use; it's easy to see a massive amount of data being put into a database over the course of a week.

Hackers don't need _everything_. The need many things for one known packet pre-amble. That universal XML opening text. If they can penetrate even 1% of the CC request for authorization transactions and get valid data to use for another authorization paying money to them or buying products to resell, it's profitable.

> 
> By your definition, all forms of access restriction are "security by 
> obscurity", since those who have access have it because they have 
> something which those who don't don't, though they could, theoretically, 
> bluff their way through and get lucky.

This has always been the case. People pilfer an employee security badge to get access to a building or a room. People talk their way through a door. That's spy craft 101.

We have all watched television shows where someone picked a lock. You can buy the tools and a practice lock in a clear block online. Even if you have the best steel door on your home/office, the key lock is the way in. Most people don't have that. They have a door that looks "nice." That means the lock is really only there to keep out honest people because a solid enough guy can kick/force their way through it.