 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> What's technical? The sysadmin is, by definition, God. You can't stop
>> God from doing things. QED. You don't need to know a thing about
>> technology to comprehend this extremely simple principle.
>
> You'd think so, but clearly the evidence suggests it's not that obvious -
> otherwise they *would* have grasped it.
*sigh* Human kind depresses me...
>> Yeah, sure, but the *key* has to be stored somewhere. ;-)
>
> The key is in my head. If you can extract my password from my brain,
> you'll have proven that you *are* God.
Pah. Humans are so predictable. You show me a strong password, I'll show
you a hidden paper note. ;-)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 10:49:58 +0100, Invisible wrote:
> Anything you can do, the sysadmin can undo. He controls the machine
> you're using. You can't win. [Theoretically at least. In practice you
> can make it too hard to be worth the bother.]
That's the point of security measures - you raise the bar to the point
that the cost exceeds the value of the data. Basic security principle.
But my sysadmins don't have access to my machines. First, I've got two
laptops; I installed the OS and control the passwords. I also work from
home most of the time - 45 miles from the nearest sysadmin.
If I chose to encrypt files on my hard drive using encfs (as I use
openSUSE) - and indeed I have for some that are sensitive for the company
(but that they have copies of - source code, for example), they're not
getting the files from my machine. They *can* get them from the source
repository servers, though.
And from our earlier conversation where I blew it on data recovery from
wiped drives, I'd like to see them undo a secure wipe of the hard drives
in these laptops. Or the machines I traded in for the second laptop, for
that matter (pulled my data off them, wiped the drive so they could
install a fresh OS for the next user on it).
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 11:24:28 +0100, Invisible wrote:
> a kernel-level debugger can see every octet of data in the machine's
> main RAM and swap file.
Hmmm, so you've reversed your opinion on whether or not a memory dump is
useful? ;-) <scnr>
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 11:26:37 +0100, Invisible wrote:
>>> What's technical? The sysadmin is, by definition, God. You can't stop
>>> God from doing things. QED. You don't need to know a thing about
>>> technology to comprehend this extremely simple principle.
>>
>> You'd think so, but clearly the evidence suggests it's not that obvious
>> - otherwise they *would* have grasped it.
>
> *sigh* Human kind depresses me...
At times it does me as well. That's part of the curse of being smart;
it's easy to see how idiotic most of the populace is. Of course, we're
*all* idiots from time to time.
>>> Yeah, sure, but the *key* has to be stored somewhere. ;-)
>>
>> The key is in my head. If you can extract my password from my brain,
>> you'll have proven that you *are* God.
>
> Pah. Humans are so predictable. You show me a strong password, I'll show
> you a hidden paper note. ;-)
You won't find a hidden paper note on *my* desk. I do actually have a
background in security and systems administration, so I know not to do
that. Oh, and it's not on the bottom of my keyboard, either, so you can
forget looking there.
The paper? It doesn't exist for any of my passwords. I keep them *all*
in my head. I've got one password that I've been using for nearly 20
years (though not recently, now I think of it); > 20 characters long, and
even accidentally typed on the screen, it just looks like a random stream
of characters. Muscle memory is a wonderful thing.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> a kernel-level debugger can see every octet of data in the machine's
>> main RAM and swap file.
>
> Hmmm, so you've reversed your opinion on whether or not a memory dump is
> useful? ;-) <scnr>
Useful for trying to grab somebody's credit card number? Absolutely!
Useful for trying to work out why some piece of software that you know
nothing about has crashed? Not really, no.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> *sigh* Human kind depresses me...
>
> At times it does me as well. That's part of the curse of being smart;
> it's easy to see how idiotic most of the populace is. Of course, we're
> *all* idiots from time to time.
Worrying fact: 50% of the population has below-average intelligence. (!!!)
>> Pah. Humans are so predictable. You show me a strong password, I'll show
>> you a hidden paper note. ;-)
>
> You won't find a hidden paper note on *my* desk. I do actually have a
> background in security and systems administration, so I know not to do
> that.
Very, very few people are capable of coming up with strong passwords
that they can actually remember.
> Muscle memory is a wonderful thing.
...until you get your right arm chopped off. :-P
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 12:03:55 +0100, Invisible wrote:
>>> a kernel-level debugger can see every octet of data in the machine's
>>> main RAM and swap file.
>>
>> Hmmm, so you've reversed your opinion on whether or not a memory dump
>> is useful? ;-) <scnr>
>
> Useful for trying to grab somebody's credit card number? Absolutely!
And how exactly do you propose to do that?
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 12:06:01 +0100, Invisible wrote:
>>> *sigh* Human kind depresses me...
>>
>> At times it does me as well. That's part of the curse of being smart;
>> it's easy to see how idiotic most of the populace is. Of course, we're
>> *all* idiots from time to time.
>
> Worrying fact: 50% of the population has below-average intelligence.
> (!!!)
LOL, but mathematically sound. More worrying is the 80% who think
they're above average drivers.
>>> Pah. Humans are so predictable. You show me a strong password, I'll
>>> show you a hidden paper note. ;-)
>>
>> You won't find a hidden paper note on *my* desk. I do actually have a
>> background in security and systems administration, so I know not to do
>> that.
>
> Very, very few people are capable of coming up with strong passwords
> that they can actually remember.
Actually, if you teach them to use a mnemonic device to remember it, most
people actually can. It's just that they haven't been taught how to
remember something that seems random.
>> Muscle memory is a wonderful thing.
>
> ...until you get your right arm chopped off. :-P
It's fortunate I have a brain to back it up. I *have* actually typed
that password in one-handed - in fact, with one finger. I may even have
done so with my nose once just to see if I could. :-P
And I actually *did* type it on a screen in front of a class of college
students, too - none of them caught it or were able to remember it. Of
course, I told them what it was *after* clearing the screen.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> Very, very few people are capable of coming up with strong passwords
> that they can actually remember.
Especially when some stupid system forces you to change it every month.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Very, very few people are capable of coming up with strong passwords
>> that they can actually remember.
>
> Especially when some stupid system forces you to change it every month.
...and this is bad because...?
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
