Subject: Re: Volunteers to test some kernel code...
To: Dave McConnell <firstname.lastname@example.org>
From: Gandhi woulda smacked you <email@example.com>
Date: 06/13/1999 14:18:41
On Fri, 11 Jun 1999, Dave McConnell wrote:
# The "hash seed" and public/private key pairs (used to
# validate/generate signatures) could be kept on an external token
# such as a smartcard. The user removes the token when not at the
# workstation. Smartcards are relatively cheap and simple to use.
"ick". If necessary, then so, but..."ick".
# Access control is also an issue. Its no use validating binaries when
# someone has managed to get hold of the root password, or reboots
# your system off a diskette and then has access to your filesystem
# to replace the kernel without your knowledge.
The fact that they'd be able to reboot is pretty much a red flag in
# No security system is ever 100%. How much money and effort you
# expend securing your system is proportional to what your threat is
# and the cost of a compromise.
It's closer to an exponential (and thus assymptotic) curve, but yes, it's a
direct proportion as opposed to an inverse one.
NetBSD: more is more.