> Your question: What's the difference between secret and obscure? Well, I'm not the person this was addressed to. But to me, at least, security-through-obscurity is a fair term only when it's applied to things which are inherently difficult to change.
For example, suppose I design a super-whizzo crypto algorithm which I (probably incorrectly :) believe is strong, but only if you don't know how it works. Because I presumably can't just come up with another algorithm at the drop of a hat if this one leaks, that's StO. But if I use a good algorithm (Rijndael, let's say) with a key, and the key leaks, it is not inherently difficult to switch keys. It won't hurt my security for you to know everything but the easy-to-change piece, so it's not StO. (It may be difficult in certain cases to do a key change, but that's because of factors peculiar to the context; it is not _inherently_ difficult.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
