>> Used to think the same, actually. But if you look at what obscurity >> is always used to refer, it's "this ordered system has *so much >> structure* nobody could ever figure it all out". That's a very >> different argumentory path than "there is nothing to figure out, they >> simply mathematically have to know this secret or brute force". > > You have chosen "I elect to play by attempting a definition for which > there can be no agreement."
I am saying operating systems are not like passwords. I don't think this exactly controversial. > Your question: What's the difference between secret and obscure? Could > you quantify this, say, with a particular number of bits of entropy? I can quantify this with the rate of change of complexity of a system. If you add one kilobyte of complexity to Windows (consuming literally 8192 bits extra space on the DVD), you have not done much to the difficulty of breaking Windows. If you add one kilobyte of complexity to an RSA key (literally, adding another 4096 bits to p and q respectively), you most assuredly have done much to to the difficulty of breaking this particular RSA key. I will grant that we could use better words than "obscure" and "secret" to represent the difference. But I consider "obscure" fundamentally different than "utterly unknown". An obscure band is not a secret band. An obscure illness is not a secret illness. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
