Re: Security through obscurity
> You are not going to be able to keep your algorithm secret, period.
> Those who are determined enough will be able to dig it out of any
> programs or chips you use to implement your algorithm. Security through
> obscurity is stupid because no matter how smart you may think you are
> in hiding your method, there is always someone smarter who will dig it
> out and changing technology constantly lowers the barrier of how smart
> people need to be to dig information out of old locks using new tools.
I agree with this 100%.
The interesting fact is, a lot of commercial programs rely on security
through obscurity. Often, anyone who takes the time to disassemble
the interesting routines can crack the encryption.
Yes, it is stupid. But a lot of people and companies rely on
"security through obscurity" to protect their applications/data.
Part of this is due to export restrictions, but a large part is just
due to lack of awareness.
One of my favorite applications has embedded in its license
agreement:
"...nor shall the Licensee attempt to decrypt
any Passwords that may enable the Software's functionality..."
This is not a substitute for real security.
-------------------------------------------------------------------------
To find out more about the anon service, send mail to [email protected].
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected].