On 2009-11-18, N. Coesel <[email protected]> wrote:
> At 15:54 18-11-2009 +0000, you wrote:
>>On 2009-11-18, David Brown <[email protected]> wrote:
>>> N. Coesel wrote:
>>
>>>>> The old "security by obscurity" trick, that has /such/ a good reputation?
>>>> 
>>>> Any means of security is security by obscurity by definition.
>>>> All protections schemes come down to hiding a secret
>>>> (obscurity). Whether its a key, a secret algorithm, etc.
>>>
>>> The phrase "security by obscurity" is normally taken to mean
>>> "security by hiding the way it works", i.e., trying to hide
>>> the code or algorithm.
>>
>>Exactly.  "Security by obscurity" does not refer to the fact 
>>that you need to keep a secret key a secret.  It refers
>>specifically to the dependence on keeping the design and
>>implementation of the _algorithms_ a secret.
>>
>>Quoting Paul Schneier in _Secrets_&_Lies_:
>>
>>      A good security design has no secrets in its details.  In 
>>      other words, all of the security is in the product itself
>>      and its changeable secret: the cryptographic keys, the
>>      passwords, the tokens and so forth.  The antithesis is
>>      _security_by_obscurity_: The details of the system are 
>>      part of the security.  If a system is designed with
>>      security by obscurity then that security is delicate.
>>
>>Later in the same book:      
>>
>>      Again and again in this book I rail against _security_by_
>>      _obscurity_: proprietary cryptography, closed source code,
>>      secret operating systems.
>>
>>      
>>Security by obscurity doesn't work.
>
> Which is a big misconception!

History appears to show otherwise.

> - If you make the way the lock works publicly available then you need a
> complex lock and a big key. This security measure relies on the key staying
> hidden and that it will take a long time to pick the lock.
>
> - If you keep the way the lock works secret,

You can't.  At least not for long.

> you can keep the lock and the key very simple. This security
> measure relies on keeping both the lock and the key secret.
> Trying to pick the lock is an almost impossible task.
>
> Both methods require keeping a secret.

True.

> So both methods rely on obscurity anyway!

But the phrase "security by obscurity" (at least as it is used
in the software and crypto world) refers _specifically_ to the
"keep the lock design secret" method.

You can keep a key secret by not telling anyone.

To keep a lock secret you have to avoid giving a copy of it to
anyone -- IOW the only way to keep a lock secret is to never
actually use it.

So you're right.  A secret lock design is effective as long as
it is never used.

-- 
Grant Edwards                   grante             Yow! I'm having a
                                  at               tax-deductible experience!
                               visi.com            I need an energy crunch!!
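Added example (not part of the thread above, and not anyone's posted code): a small Python demonstration of the "a secret lock design is effective as long as it is never used" point. Scheme A has no key at all; its only secret is a fixed transform (the "lock design"), and one ciphertext with known plaintext hands the attacker the whole design, which then opens every other message. Scheme B publishes its design completely and keeps only a changeable key secret; the same known-plaintext attack yields nothing reusable. The pad value, the messages, the function names and the HMAC-SHA256 keystream construction are all constructed for this example; scheme B is there only to make the Kerckhoffs point, it is not a recommended cipher (no authentication, for one thing).

```python
"""Secret design vs. secret key: a constructed illustration, not a real cipher."""
import hashlib
import hmac
import os

# --- Scheme A: "security by obscurity" --------------------------------------
# All the security is in the fixed transform below. There is no key, so anyone
# who learns the design has broken the scheme for every message ever sent.
SECRET_PAD = bytes.fromhex("5a3c9ef1b7d204ac")  # the hidden "lock design" (constructed)


def obscure_encrypt(plaintext: bytes) -> bytes:
    """XOR the message with the fixed, repeating pad that is the whole secret."""
    return bytes(p ^ SECRET_PAD[i % len(SECRET_PAD)] for i, p in enumerate(plaintext))


def recover_lock_design(known_plaintext: bytes, ciphertext: bytes, period: int = 8) -> bytes:
    """Attacker step: one known plaintext/ciphertext pair reveals the fixed pad.

    The pad period is assumed known here; in practice it is found by trying
    small values or by looking for repeats in the ciphertext.
    """
    if len(known_plaintext) < period:
        raise ValueError("need at least one full pad period of known plaintext")
    return bytes(known_plaintext[i] ^ ciphertext[i] for i in range(period))


def break_obscure(ciphertext: bytes, pad: bytes) -> bytes:
    """With the design recovered, every other message opens immediately."""
    return bytes(c ^ pad[i % len(pad)] for i, c in enumerate(ciphertext))


# --- Scheme B: published design, changeable secret key ----------------------
# Keystream block i = HMAC-SHA256(key, nonce || i); ciphertext = nonce || (msg XOR keystream).
# Everyone may read this code. The only secret is `key`, and it can be changed.

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def keyed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)  # fresh per message, so keystreams never repeat
    return nonce + bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def keyed_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:12], blob[12:]
    return bytes(c ^ k for c, k in zip(body, keystream(key, nonce, len(body))))


def demo() -> dict:
    """Run the same known-plaintext attack against both schemes."""
    known = b"Hello world, this is a known message"   # constructed known plaintext
    secret_msg = b"meet at the old mill at dawn"      # constructed target message

    # Scheme A: the attacker learns the design from one message and reads the next.
    pad = recover_lock_design(known, obscure_encrypt(known))
    broken = break_obscure(obscure_encrypt(secret_msg), pad)

    # Scheme B: the attacker learns only the keystream for one nonce, which is
    # useless against a message encrypted under a different nonce.
    key = os.urandom(32)
    c_known = keyed_encrypt(key, known)
    leaked_keystream = bytes(p ^ c for p, c in zip(known, c_known[12:]))
    c_secret = keyed_encrypt(key, secret_msg)
    attempt = bytes(c ^ k for c, k in zip(c_secret[12:], leaked_keystream))

    return {
        "pad_recovered": pad == SECRET_PAD,            # True: design fully exposed
        "obscure_broken": broken == secret_msg,        # True: every message readable
        "keyed_attack_failed": attempt != secret_msg,  # True: nothing reusable leaked
        "keyed_roundtrip": keyed_decrypt(key, c_secret) == secret_msg,
    }
```

The moment scheme A is used against an adversary who can see one message and guess its content (a header, a greeting, a fixed field), the "lock" has been handed over; scheme B survives the identical observation because the thing the attacker recovers is tied to a one-off nonce, and if the key is ever suspected of being compromised it can simply be replaced, which is exactly the "changeable secret" in the quoted passage.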

