Security through obscurity
I know that it is pretty much accepted by the security community that security through obscurity is useless. There are countless references to this, and it is a strong argument in favor of publishing algorithms.
From time to time, however, it is healthy to question policies such as these and ask ourselves whether or not this is a good idea. It seems that Denning has changed her mind on this by advocating the secrecy of the skipjack algorithm.
All of the known plaintext attacks on algorithms such as DES, that involve exhaustive key search are based on knowledge of the algorithm. Wouldn't keeping the algorithm a secret render such chips, as the one presented in Eurocrypt '93 useless? I agree that analysis is more difficult when you don't know if an intruder has compromised your algorithm, but if it were my data that I wanted kept secret I wouldn't give the cracker a head start by publishing my algorithm. Clipper has proven how difficult it is to reverse engineer an algorithm. Let me just say that I know I have violated an accepted doctrine of computer security, but I think it's okay to question even the most accepted ideas every once in a while. I thought this would be a bit provocative. Wonderer ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
an41418@anon.penet.fi (wonderer) writes:
[regarding security through obscurity and the clipper/skipjack stuff]
All of the known plaintext attacks on algorithms such as DES, that involve exhaustive key search are based on knowledge of the algorithm. Wouldn't keeping the algorithm a secret render such chips, as the one presented in Eurocrypt '93 useless?
[...] I wouldn't give the cracker a head start by publishing my algorithm.
You are not going to be able to keep your algorithm secret, period. Those who are determined enough will be able to dig it out of any programs or chips you use to implement your algorithm. Security through obscurity is stupid because no matter how smart you may think you are in hiding your method, there is always someone smarter who will dig it out and changing technology constantly lowers the barrier of how smart people need to be to dig information out of old locks using new tools. The problem with security through obscurity is that if it is set up as a part of a system people have a tendency to think that they can use the obscurity to hide weaknesses in the system. Once your system or chip is out there in quantity there will be nothing on it you can hide, and any weaknesses will be impossible to fix without a recall (severely damaging trust and reputation with your users...) If the algorithm is truly secure, then very little will be gained by letting everyone know the method used, and by letting others examine and test the system it is possible to have others establish the strength or weaknesses of your method for you. I do not trust you, I do not trust the NSA, I do trust the cryptography community in general because they have nothing to gain by misleading me.
Clipper has proven how difficult it is to reverse engineer an algorithm.
Clipper has proven nothing because _no one has had a chance to reverse engineer the algorithm_. Give me clipper in software or give some of the people on this list the clipper chips and see we'll see how long the method remains secret. So far clipper/skipjack is vapor. When I can hold one in my hand and tweak inputs and outputs then we shall see how difficult it is to reverse engineer an algorithm. jim
participants (2)
-
an41418@anon.penet.fi -
Jim McCoy