Re: more on security/obscurity/reality (fwd)
In message <9218@eternity.demon.co.uk> you write:
Forwarded message follows:
From cypherpunks-request%toad.com@relay2.uu.net Fri Jan 15 12:52:47 1993
One thing I've really noticed over the 5 or 6 years I've been on the net is the real hatred people have for what is coined "security by obscurity." I think it is because of the terrible way people have gotten burned by relying on concealed methods only, or secret algorithms as ciphers to protect their material. The method is discovered one way or another, and everything caves in on itself! Quite understandable.
Yet I cringe at the way people have just turned their backs on the whole meta-philosophy of "coversion." If, for instance, you are to do battle with an unbearable, overwhelming power, such as the Government, then what is the only real way to "win?" Besides convincing them not to do battle with you?
It is by staying concealed, secret, untargetable. If they don't know to fight you, or, if they do know, but cannot find you, then you stay all right. Once it gets to a face-to-face confrontation, however, you lose, and you lose immediately, there is nothing you can bring to bear, since it is now just a force equation, and they have over 10,000 times the force you do. Or more...
This is one of the applications of the secret side of life. Modern cryptography has advanced, I think, by declaring all coversion as eventually discoverable, and only seeking algorithms that will suffice even if the enemy knows your methods. I agree with this. I guess I part company, however, when people totally throw out being secretive as a partial or adjunctive solution to something that is intrinsically secret to begin with. The addition of concealment, disinformation, invisibility, etc. can be a tremendous advantage when combined with strong methods (good ciphers that don't rely on coversion). It is a multilayered approach that first tries to not become a target, and, if it is a target, is still hard to crack.
When us little people try to maintain privacy against a Govt. that is REALLY PISSED OFF BY EVEN THE IDEA WE WANT TO STRONGLY PROTECT OURSELVES, a multi-layered, contingency-based approach is required. The most important part of it is not a strong cipher, but, not to become a detectable or locatable target. i.e. coversion and secrecy.
While what you say is certainly true, it won't survive any kind of detailed attack. I'm all for the sentiment, but while there are so many mundane things going on round about, the best way to remain undetected is to remain undecipherable and to make sure that there is enough traffic about of the same sort. Press for encipherment of e-mail, that way, if everybody is doing it, who's to know what the underworld is doing? This is especially useful if you are not actually interested in violent revolution. You can then convince the powers that be that you are not worth monitoring.

regards

Tony

------------------+-------------------------------+--------------------------+
| Tony Kidson     |`morgan' is an 8MB 486/33 Cat- | Voice +44 81 466 5127    |
| Morgan Towers,  |Warmer with a 670 MB Hard Disk.| E-Mail                   |
| Morgan Road,    |It resides at Morgan Towers in | tony@morgan.demon.co.uk  |
| Bromley,        |Beautiful Down Town Bromley.   | tny@cix.compulink.co.uk  |
| England BR1 3QE |            -=<*>=-            | 100024.301@compuserve.com|
+=================+===============================+==========================+