Nick Boyce wrote:
> Surely this is just another rehash of the same old debate that appears
> here every now and then - the conclusion will always be that stored
> passwords are inherently vulnerable. They can be obfuscated as much
> as you like, but it only needs one successful piece of R&D to render
> the whole obfuscation scheme useless for everybody.
>
> See
> http://marc.theaimsgroup.com/?t=92420089800002&r=1&w=2
> http://marc.theaimsgroup.com/?t=94570694700003&r=1&w=2
> for a couple of useful Bugtraq debates on this topic.
> [both in 1999 ... was that _really_ the last time this came up ?]
Good grief. Are DOS and Win9x concepts really so burned into people's
brains that they can't recognize the proper solution for storing data
where other users on a system can't get to it?
These aren't the days of single-user desktop operating systems anymore,
people. You don't need inherently insecure obfuscation techniques to
hide data, you just have to store it where it friggin' belongs -- IN THE
USER'S HOME DIRECTORY.
> Surely this is just another rehash of the same old debate that appears
> here every now and then - the conclusion will always be that stored
> passwords are inherently vulnerable. They can be obfuscated as much
> as you like, but it only needs one successful piece of R&D to render
> the whole obfuscation scheme useless for everybody.
>
> See
> http://marc.theaimsgroup.com/?t=92420089800002&r=1&w=2
> http://marc.theaimsgroup.com/?t=94570694700003&r=1&w=2
> for a couple of useful Bugtraq debates on this topic.
> [both in 1999 ... was that _really_ the last time this came up ?]
Good grief. Are DOS and Win9x concepts really so burned into people's
brains that they can't recognize the proper solution for storing data
where other users on a system can't get to it?
These aren't the days of single-user desktop operating systems anymore,
people. You don't need inherently insecure obfuscation techniques to
hide data, you just have to store it where it friggin' belongs -- IN THE
USER'S HOME DIRECTORY.
[ reply ]