Keeping secrets as a system administrator

March 31, 2008

There are two sorts of secrets in the world: known secrets and unknown secrets.

A known secret is something that people already know exists; for example, your root password is a known secret. Keeping a known secret is simple: you just don't tell people your root password. You have to guard known secrets against inadvertent disclosure (it's always embarrassing to type your root password into the wrong window), but that's mostly it.

(I am ignoring the possibility of deliberate attacks against the secret.)

Unknown secrets are secrets that people do not know even exist. When you are keeping these, it is not sufficient to avoid disclosing the content of the secret; you must conceal the very existence of the secret. In short, to keep an unknown secret you must behave as if the secret doesn't exist. For example, if the unknown secret is a message in a private message system it is not sufficient to not disclose the contents; you had better not mention that the message even exists.

(This is especially the case because unknown secrets are usually the most sensitive sort of secrets that system administrators have to deal with or accidentally come to know.)

If you are trying to figure out if something is a known or an unknown secret, ask yourself if an outside person would know about the existence of the secret. If the answer is even 'probably not', then it is safer to assume that it is an unknown secret and behave appropriately.

(Getting good at keeping unknown secrets has uses outside of system administration, too; quite a lot of spoilers for books and movies and TV shows qualify.)

Written on 31 March 2008.
« The quote of the time interval, on XML
A simple Python class to trace access to object attributes »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Mar 31 22:41:56 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.