On Fri, 4 Mar 1994, Mike McNally wrote:
Maybe not, but if you've been paying attention you know of a great deal of theory that supports the intractability of solving certain problems in realistic amounts of time. Most PK cryptosystems are based on relatively simple principles of mathematics. It stretches the imagination to think that the NSA somehow has solved the factoring problem; I concede it's possible, but unlikely.
Granted.
The point is, that in the real world, we'll never know if our algorithms are "good enough to withstand an opponent who has full documentation of your algorithms and methods, lots of funds, and everything except your keys."
Depends on what you mean by "know", I guess.
know = 100% objective certainty
security-by-obscurity is a naive waste of time,
I still don't see why.
Well, you can't tell when you've been compromised,
How can you tell that you've been compromised if you stick to non-security-by-obscurity methods?
and you have no rigorous way of demonstrating the robustness of your obscurity.
That would be difficult. But, lack of objective measures does not mean that security-through-obscurity is ineffective. BTW, there may be some statistics on the effectiveness of StO, somewhere. (Anyone out there heard of any?)
The real problem, however, is that you'll have a hard time convincing anybody else to participate.
I am not trying to convince everyone to hide their data in the same place I am hiding it. Simply consider hiding it, rather than leaving it out in the open! That's not too crazy a proposition, is it?
You can hide all your valuables in a really clever place and do all sorts of really clever secret things to protect them, and that may make you feel secure. However, you won't be able to convince me to entrust *my* valuables to you unless you explain to me the details of your techniques.
Take your encrypted data. Stick it in a file, using a variable offset. That's all there is to it.

Sergey
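An added example, not part of the original message: one reading of the variable-offset scheme described in the last reply, together with the windowed Shannon-entropy scan a forensic examiner would run over the resulting file. The carrier text, the payload (a SHA-256 counter stream standing in for ciphertext), the offset, and all function names and thresholds are constructed for illustration.

```python
import hashlib
import math

WINDOW = 256  # bytes per entropy window (constructed parameter)

def keystream(n, seed=b"constructed-demo"):
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def shannon_entropy(chunk):
    """Entropy of a byte string in bits per byte (0.0 to 8.0)."""
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def hide(carrier, payload, offset):
    """Assumed reading of the scheme: overwrite the carrier at the offset."""
    return carrier[:offset] + payload + carrier[offset + len(payload):]

def find_high_entropy_regions(data, threshold=6.5, step=64):
    """Return (start, end) byte spans where every window meets the threshold."""
    spans, start, last = [], None, None
    for pos in range(0, len(data) - WINDOW + 1, step):
        if shannon_entropy(data[pos:pos + WINDOW]) >= threshold:
            if start is None:
                start = pos
            last = pos + WINDOW
        elif start is not None:
            spans.append((start, last))
            start = None
    if start is not None:
        spans.append((start, last))
    return spans

# Constructed sample: English-like carrier with 2 KiB hidden at offset 5000.
CARRIER = b"The quick brown fox jumps over the lazy dog. " * 400
OFFSET, PAYLOAD = 5000, keystream(2048)
STEGO = hide(CARRIER, PAYLOAD, OFFSET)

if __name__ == "__main__":
    print(find_high_entropy_regions(STEGO))
```

The scan only separates the payload from the carrier when the carrier itself is low-entropy; inside a compressed or already-encrypted file every window looks the same, and the scan reports the whole file or nothing useful.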