On Sep 19, 5:35pm, Black Unicorn wrote:
The TLAs understand this concept well, which is one of the reasons they classify almost everything they do. One non-obvious fact is that in the environment most governments use crypto (e.g. widely distributed sites with key distribution channels which are more easily compromised than the crypto hardware), the design of the cipher may be easier to keep secret than the key itself. As such, the use of security by obscurity in the design of the cipher itself is a lot more effective than most people would give it credit for.
While this may seem to be a joke comment, it is not.
Remember that what is being secured here is almost certainly a stronger cipher than any of us have access to (representatives of TLAs excepted :), and so the public scrutiny issue does not arise. I agree with Black Unicorn's phrase: security by obscurity alone is no security. If we need a buzzphrase - which itself is questionable - then that's about as close as we'll get.

Ian.