Re: [CyberCash Media hype]
Uh, I was paraphrasing the conclusions of the article in order to convey that the authors clearly have no clue about security software. I (incorrectly) thought there was sufficient sarcasm in my post to convey that.

Question - where did the below-highlighted opinion come from?

Also, I do disagree with your statement "security through obscurity is no security at all." A rather high degree of security can be had through obscurity, but it is often entirely unpredictable whether or not a particular 'obscurity method' will be secure or not (any 15 year old hiding cigarettes under the bed can attest to that). I see this as an extension of the principles underlying modern crypto - it could be that a factoring attack on RSA is possible but really obscure. It is simply an example of more predictable security through obscurity. Perhaps I'm pushing definitions a little too far here.

At 2:45 PM 9/15/94, Chael Hall wrote:
These are my favorite paragraphs.
1) Proprietary == secure
2) Understanding how it works == insecure
I disagree. Proprietary is MORE secure, but security through
^^^^^^^^^^^^^^^^^^^^^^^^^^
obscurity is no security at all. The only thing that does is separate the proverbial men from the boys. It keeps the idiots who think they can crack a system from touching it, but the people who know what they are doing will learn it rather quickly.
Understanding how it works is also not necessarily insecure either. What about PGP? Would you rather use some proprietary method that may or may not have a backdoor or may not be as secure as it is touted to be? I prefer to use something that has been proven and tested.
Chael
-j
--
"It's a question of semantics, and I've always been rather anti-semantic." -Gene Simmons
___________________________________________________________________
Jamie Lawrence <foodie@netcom.com> <jamiel@sybase.com>
On Sep 15, 3:20pm, Jamie Lawrence wrote:
Also, I do disagree with your statement "security through obscurity is no security at all." A rather high degree of security can be had through obscurity, but it is often entirely unpredictable whether or not a particular 'obscurity method' will be secure or not (any 15 year old hiding cigarettes under the bed can attest to that).
This is absolutely correct. Keeping your secret key a secret _is_ security by obscurity, although in a much wider context than most people would use the term.

In addition, it is also particularly effective if what is being obscured is sufficiently secure already, as it just adds another layer of protection. For example, if I decided to superencrypt using some publicly known and reasonably trusted ciphers (let's say DES, LOKI and IDEA), and decided to keep the algorithms I had used and the order I had used them a secret, I have _not_ decreased my security. The obscurity does not deduct from the security of these already moderately trusted ciphers, and the work which would have to be added to figure out what I have done increases it (although by an amount which is probably arguable).

I am sure that this is a point almost everyone here understands, but it's amazing how many times the argument "it's a secret, therefore it's insecure" comes out. It's only really insecure if the thing you're keeping a secret is, and even then you have not decreased its effective security by obscuring it.

The TLA's understand this concept well, which is one of the reasons they classify almost everything they do. One non-obvious fact is that in the environment most governments use crypto (eg. widely distributed sites with key distribution channels which are more easily compromised than the crypto hardware), that the design of the cipher may be easier to keep secret than the key itself. As such, the use of security by obscurity in the design of the cipher itself is a lot more effective than most people would give it credit for.

Ian.
Ian Farquhar scripsit
On Sep 15, 3:20pm, Jamie Lawrence wrote:
Also, I do disagree with your statement "security through obscurity is no security at all." A rather high degree of security can be had through obscurity, but it is often entirely unpredictable whether or not a particular 'obscurity method' will be secure or not (any 15 year old hiding cigarettes under the bed can attest to that).
I prefer: "security through obscurity ALONE is no security at all."
In addition, it is also particularly effective if what is being obscured is sufficiently secure already, as it just adds another layer of protection.
Guess I'm not the only one.
The TLA's understand this concept well, which is one of the reasons they classify almost everything they do. One non-obvious fact is that in the environment most governments use crypto (eg. widely distributed sites with key distribution channels which are more easily compromised than the crypto hardware), that the design of the cipher may be easier to keep secret than the key itself. As such, the use of security by obscurity in the design of the cipher itself is a lot more effective than most people would give it credit for.
While this may seem to be a joke comment, it is not. They also classify just about if not exactly everything because it never will be looked at seriously by the policy makers if it's not marked at least "secret." The major hurdle in intelligence is often not collection or analysis, but persuasion.
Ian.
-uni- (Dark)
--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
On Sep 19, 5:35pm, Black Unicorn wrote:
The TLA's understand this concept well, which is one of the reasons they classify almost everything they do. One non-obvious fact is that in the environment most governments use crypto (eg. widely distributed sites with key distribution channels which are more easily compromised than the crypto hardware), that the design of the cipher may be easier to keep secret than the key itself. As such, the use of security by obscurity in the design of the cipher itself is a lot more effective than most people would give it credit for.
While this may seem to be a joke comment, it is not.
Remember that what is being secured here is almost certainly a stronger cipher than any of us have access to (representatives of TLA's excepted :), and so the public scrutiny issue does not arise.

I agree with Black Unicorn's phrase: security by obscurity alone is no security. If we need a buzzphrase - which itself is questionable - then that's about as close as we'll get.

Ian.
Ian Farquhar wrote:

| > > crypto hardware), that the design of the cipher may be easier to keep
| > > secret than the key itself. As such, the use of security by obscurity
| > > in the design of the cipher itself is a lot more effective than most
| > > people would give it credit for.
|
| > While this may seem to be a joke comment, it is not.
|
| Remember that what is being secured here is almost certainly a stronger
| cipher than any of us have access to (representatives of TLA's excepted :),
| and so the public scrutiny issue does not arise.
|
| I agree with Black Unicorn's phrase: security by obscurity alone is no
| security. If we need a buzzphrase - which itself is questionable - then
| that's about as close as we'll get.

Obscuring things can be a useful part of a security system for an organization. The phrase "security through obscurity" refers to systems which are all smoke and mirrors. Good security comes from reinforced concrete. If you add smoke and mirrors in front of concrete, you don't decrease your security. Unless, of course, you can't see what's coming because of all the smoke.

Adam
Perhaps the saying "security through obscurity doesn't work" should be amended to say "security that depends on the secrecy of anything that cannot be easily changed doesn't work".

In most cases, cryptographic keys are far more easily changed than cryptographic algorithms. That's why it's bad to rely on the secrecy of an algorithm, but okay to rely on the secrecy of a key.

Phil
participants (5)
- Adam Shostack
- Black Unicorn
- Ian Farquhar
- jamiel@sybase.com
- Phil Karn