[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

security by obfuscation



Matthew Rapaport writes:

>[...] I don't understand the lure
>of all these schemes for hiding mail paths, etc. 

The disambiguating question is "What is the capability of your
opponent?"  Some opponents have only access to their own machine as
users, and some have access as root.  Others have access to all
traffic on the local network and can thus see all mail entering and
leaving a system.  Others, we might assume, have access to all traffic
on any non-local network.

The rule is the following.  If it's cheap enough to defend against
even the strongest opponent, deploy it.  Cryptography, with its
presumably exponential difference between the costs of defense
(encryption) and offense (cryptanalysis), allows for economical
solutions against even the largest of opponents.

Cryptography is a greater leveler than the Colt .45 revolver.

Eric