Re: [CyberCash Media hype]
Uh, I was paraphrasing the conclusions of the article in
order to convey that the authors clearly have no clue about
security software. I (incorrectly) thought there was sufficient
sarcasm in my post to convey that.
Question - where did the below-highlighted opinion come from?
Also, I do disagree with your statement "security through
obscurity is no security at all." A rather high degree of
security can be had through obscurity, but it is often entirely
unpredictable whether or not a particular 'obscurity method'
will be secure or not (any 15 year old hiding cigarettes under
the bed can attest to that). I see this as an extension of the
principles underlying modern crypto - it could be that a factoring
attack on RSA is possible but really obscure. It is simply an
example of more predictable security through obscurity. Perhaps
I'm pushing definitions a little too far here.
At 2:45 PM 9/15/94, Chael Hall wrote:
>>These are my favorite paragraphs.
>>1) Proprietary == secure
>>2) Understanding how it works == insecure
> I disagree. Proprietary is MORE secure, but security through
>obscurity is no security at all. The only thing that does is separate
>the proverbial men from the boys. It keeps the idiots who think they
>can crack a system from touching it, but the people who know what they
>are doing will learn it rather quickly.
> Understanding how it works is also not necessarily insecure either.
>What about PGP? Would you rather use some proprietary method that may
>or may not have a backdoor or may not be as secure as it is touted to
>be? I prefer to use something that has been proven and tested.
"It's a question of semantics, and I've always been rather anti-
semantic." -Gene Simmons
Jamie Lawrence <[email protected]> <[email protected]>