Brian Steele [SPICEISLE] wrote:
> 
> [copied from a reply made to another member off-list]
> 
> >Then you are mistaken.  Security through obscurity has long been
> >repudiated by knowledgeable security folks, dating from colloquia of
> >locksmiths and the debates about whether weaknesses in locks should
> >be kept secret or shared among members of the trade.
> 
> My challenge is to define "members of the trade" here.  We're not
> talking about locks, but software, which by its very nature is easily
> transportable and reconfigurable - and quite easy to duplicate by
> anyone who has access to a computer and a floppy disk (or CD-RW drive
> :-)).   Also, if a hacker, by perusing the "open" architecture for a
> security product, chances upon a flaw, then can we rely on him to
> report the flaw to the producer, or more likely use it for his own
> profit?

The "trade" here refers to cryptography as far as I'm concerned,
and it is irrelevant if it is implemented in HW, SW or something
else. And an open architecture hopefully gets peer-reviewed, so
mistakes may actually be found rather than hushed up.

Try reading something on the history of cryptography. Such as
why attempts to make public-key systems based on knapsacks
are vulnerable (a theoretic result), and not implemented in
practice.

-paul
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
