[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CyberCash Media hype]



Ian Farquhar scripsit
> 
> On Sep 15,  3:20pm, Jamie Lawrence wrote:
> > Also, I do disagree with your statement "security through
> > obscurity is no security at all."  A rather high degree of
> > security can be had through obscurity, but it is often entirely
> > unpredictable whether or not a particlar 'obscurity method'
> > will be secure or not (any 15 year old hiding cigarettes under
> > the bed can attest to that).

I prefer:  "security through obscurity ALONE is no security at all."


> In addition, it is also particularly effect if what
> is being obscured is sufficiently secure already, as it just adds another
> layer of protection.

Guess I'm not the only one.

> 
> The TLA's understand this concept well, which is one of the reasons they
> classify almost everything they do.  One non-obvious fact is that in the
> environment most governments use crypto (eg. widely distributed sites with
> key distribution channels which are more easily compromised than the
> crypto hardware), that the design of the cipher may be easier to keep
> secret than the key itself.  As such, the use of security by obscurity
> in the design of the cipher itself is a lot more effective than most
> people would give it credit for.
> 

While this may seem to be a joke comment, it is not.

They also classify just about if not exactly everything because it never 
will be looked at seriously by the policy makers if it's not marked at 
least "secret."

The major hurtle in intelligence is often not collection or analysis, but 
persuasion.

> 							Ian.

-uni- (Dark)

--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa    -    wichtig!