Admin
Worst algorithm: when n-password-uniqueness (preventing immediate change back) is too complex, you just use a minimum pw lifetime for the same result. Then a user making an error, like setting the same password as for another account, can't repair it without help from IT. And IT has gone home already, or has more important stuff to do, and at least scolds the user for needing help => the error won't be repaired.
Admin
Shit, that's how I get my password. Now I have to come up with a new algorithm.
Admin
Security by obscurity of algorithm. If you don't know the algorithm, then you can't access the server. Once you know the algorithm, there is no way to secure the system from you, by like changing the password, even if you are no longer (or never were) authorized to work on that server in that way.
Admin
On your last day there just enable DHCP
Admin
Great to learn Paula stayed in IT, after all. :-)
Admin
Servers are typically static IPs for just that reason. They don't freaking change on you.
Admin
Yeah, how else are you going to keep that password so ironclad secure?
Admin
Notice he said "on your last day..."
Admin
So what is he going to enable? The DHCP server itself? The network immediately collapses and is fixed. The first-in-line switches? The network immediately collapses and is fixed. At each device (server)? Would kill that server only. Might be somewhat pranky if he chose a single rarely accessed server and nobody noticed for a while. Real-time servers? Immediate application(s) collapse and fix. So what's the stupid point in trying to do anything via DHCP? Precisely.
Admin
DHCP has the option to provide static IP by MAC address. So nothing will change visibly, until some server or at least network interface has to be replaced.
Admin
DHCP? Why wouldn't you use DHCP and reserve the IP addresses anyway? You instantly have the IP addresses documented without resorting to spreadsheets or the like.
Admin
Oldschool sysadmins are frightened by DHCP. It's a shame, but doing things the hard way at least justifies a lot of wailing and whining that such people probably are inherently going to do anyway.
Admin
Hey I got an idea! Let's add two-factor authentication to that system so it will be even more secure.
We can print up a bunch of business cards with a random six-digit number on them. Then, the server logins can prompt for that number.
Something you know and something you have, right? Two factor. Perfect. And MUCH cheaper than FIDO keys for everybody.
Actually, it's three factor. Something you know, something you have, and something you are. You must be stupid to log in this way.