----- Ursprüngliche Nachricht -----
Von: Grant Edwards
Gesendet am: 18 Nov 2009 16:54:13
>> The phrase "security by obscurity" is normally taken to mean
>> "security by hiding the way it works", i.e., trying to hide
>> the code or algorithm.
>Exactly. "Security by obscurity" does not refer to the fact
>that you need to keep a secret key a secret. It refers
>specifically to the dependance on keeping the design and
>implementation of the _algorithms_ a secret.
I'd say, some people confuse obscurity with secrecy.
Obscurity means that it is designed a way so people do not understand how it
works, even if they have all information.
Secrecy means that people cannot solve the riddle because you keep some
information from them.
Both are two different fields.
Obscurity is a good thing if you want something that simply works, without a
key, a password, the need of any user input, but still keeps people from
copying your work (other than a 1:1 copy)
Security is good to keep people from running a device, reading data and so on,
but it requires operator input (the key or whatever) each time the 'job' has to
be done.
Using obscurity for protecting data does not work.
Using security for protecting an algorithm does not work too.
All the 'good' press for obscurity comes from the fact that people tried to
secure data by obscure algorithms. That won't work. If you don't have a secret
part, the obscure algorithm is useless. If you have, the algorithm
does not need to be obscure.
Understanding an obscure algorithm requires in-depth knowledge of the matter,
some ingeniosity and quite some time (at least if it is something the is worth
being protected)
Decrypting data that has been encrypted by a non-obscure algorithm simply
requires theft of the key, or soem computing power and some time.
Based on this comparison, I'd say, secrecy is the easier part to break.
>Security by obscurity doesn't work.
Sometimes it works much too well. :)
Once I had to change something in an old firmware code. It took me several
hours to understand how the interrupt function could possibly do what it
obviously did. There were no comments in the source code (which I
had, together with the hardware layout). And it was not a big function at all
(running on one of the small PIC controllers).
I wonder whether the original programmer still knows what he did there.
After all, the only secure thing is a something where nobody has access to. And
then it is probably the most useless thing too.
JMGross
