I know that it is pretty much accepted by the security community that security through obscurity is useless. There are countless references to this, and it is a strong argument in favor of publishing algorithms.
From time to time, however, it is healthy to question policies such as these and ask ourselves whether or not this is a good idea. It seems that Denning has changed her mind on this by advocating the secrecy of the skipjack algorithm.
All of the known plaintext attacks on algorithms such as DES, that involve exhaustive key search are based on knowledge of the algorithm. Wouldn't keeping the algorithm a secret render such chips, as the one presented in Eurocrypt '93 useless? I agree that analysis is more difficult when you don't know if an intruder has compromised your algorithm, but if it were my data that I wanted kept secret I wouldn't give the cracker a head start by publishing my algorithm. Clipper has proven how difficult it is to reverse engineer an algorithm. Let me just say that I know I have violated an accepted doctrine of computer security, but I think it's okay to question even the most accepted ideas every once in a while. I thought this would be a bit provocative. Wonderer ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi.