[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CyberCash Media hype]



Uh, I was paraphrasing the conclusions of the article in
order to convey that the authors clearly have no clue about
security software. I (incorrectly) thought there was sufficient
sarcasm in my post to convey that.

Question - where did the below-highlighted opinion come from?

Also, I do disagree with your statement "security through
obscurity is no security at all." A rather high degree of
security can be had through obscurity, but it is often entirely
unpredictable whether or not a particlar 'obscurity method'
will be secure or not (any 15 year old hiding cigarettes under
the bed can attest to that). I see this as an extension of the
pricipals underlying modern crypto - it could be that a factoring
attack on RSA is possible but really obscure. It is simply an
example of more predictable security through obscurity. Perhaps
I'm pushing definitions a little too far here.

At 2:45 PM 9/15/94, Chael Hall wrote:
>>
>>These are my favorite paragraphs.
>>
>>1) Proprietary == secure
>>
>>2) Understanding how it works == insecure

>
>     I disagree.  Proprietary is MORE secure, but security through
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^

>obscurity is no security at all.  The only thing that does is separate
>the proverbial men from the boys.  It keeps the idiots who think they
>can crack a system from touching it, but the people who know what they
>are doing will learn it rather quickly.
>
>     Understanding how it works is also not necessarily insecure either.
>What about PGP?  Would you rather use some proprietary methond that may
>or may not have a backdoor or may not be as secure as it is touted to
>be?  I prefer to use something that has been proven and tested.
>
>Chael


-j

--
"It's a  question of semantics,  and I've  always been rather anti-
semantic."                                            -Gene Simmons
___________________________________________________________________
Jamie Lawrence       <[email protected]>        <[email protected]>