* Jonathan T. Rockway <[EMAIL PROTECTED]> [2007-05-18 18:55]:
> Obscurity is a "constant factor". As soon as one person figures
> out your obfuscation, it's useless. When someone figures out
> your real security, it does them no good at all.

You know how easy 99.99% of the locks are to pick? Doesn’t mean I’ll leave my front door unlocked when leaving the house.

Security is all about tradeoffs. (I think I’ve seen you quote Schneier elsewhere? You should be familiar with this statement if you read him.) Obscurity buys you a little security, for (usually) virtually no cost. So it’s almost always a good tradeoff.

> Since there are 6_000_000_000 people in the world, it's likely
> that someone has already figured out your obscurity

I don’t see how that conclusion follows from the premise.

> It's like saying O(2) instead of O(1). Sure, ``O(2)'' is twice
> as slow as O(1), but that's irrelevant and you sound stupid
> when you make a distinction.

In practice, particularly in high-level languages like Perl, there is often a choice to make between something like a 200n and 2n^2 algorithm, and guess what? Unless you’re processing ridiculous amounts of data, the O(n^2) algorithm turns out faster than the O(n) one.

For theoretical treatment, constant factors and small terms are irrelevant. In practice, they can make or break an algorithm.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
