more on security/obscurity/reality (fwd)

Tony Kidson tony at morgan.demon.co.uk
Fri Jan 15 19:27:50 PST 1993


In message <9218 at eternity.demon.co.uk> you write:
> Forwarded message follows:
>
> > From cypherpunks-request%toad.com at relay2.uu.net Fri Jan 15 12:52:47 1993
>
> One thing I've really noticed over the 5 or 6 years I've been on the net
> is the real hatred people have for what is coined "security by obscurity."
> I think it is because of the terrible way people have gotten burned by
> relying on concealed methods only, or secret algorithms as ciphers to
> protect their material. The method is discovered one way or another, and
> everything caves in on itself! Quite understandable.
>
> Yet I cringe at the way people have just turned their backs on the whole
> meta-philosophy of "coversion." If, for instance, you are to do battle with
> an unbearable, overwhelming power, such as the Government, then what is the
> only real way to "win?" Besides convincing them not to do battle with you?
>
> It is by staying concealed, secret, untargetable. If they don't know to fight
> you, or, if they do know, but cannot find you, then you stay all right.
> Once it gets to a face-to-face confrontation, however, you lose, and you
> lose immediately, there is nothing you can bring to bear, since it is now
> just a force equation, and they have over 10,000 times the force you do.
> Or more...
>
> This is one of the applications of the secret side of life. Modern crypto-
> graphy has advanced, I think, by declaring all coversion as eventually
> discoverable, and only seeking algorithms that will suffice even if the
> enemy knows your methods. I agree with this. I guess I part company, however,
> when people totally throw out being secretive as a partial or adjunctive
> solution to something that is intrinsically secret to begin with. The addition
> of concealment, disinformation, invisibility, etc. can be a tremendous
> advantage when combined with strong methods (good ciphers that don't rely
> on coversion). It is a multilayered approach that first tries to not become
> a target, and, if it is a target, is still hard to crack.
>
> When us little people try to maintain privacy against a Govt. that is REALLY
> PISSED OFF BY EVEN THE IDEA WE WANT TO STRONGLY PROTECT OURSELVES, a multi-
> layered, contingency-based approach is required. The most important part of
> it is not a strong cipher, but, not to become a detectable or locatable
> target. i.e. coversion and secrecy.

While what you say is certainly true, it won't survive any kind 
of detailed attack. I'm all for the sentiment, but while there 
are so many mundane things going on round about, the best way to 
remain undetected is to remain undecipherable and to make sure 
that there is enough traffic about of the same sort. Press for 
encipherment of e-mail, that way, if everybody is doing it, who's 
to know what the underworld is doing? This is especially useful 
if you are not actually interested in violent revolution. You can 
then convince the powers that be that you are not worth 
monitoring.

regards

Tony
------------------+-------------------------------+--------------------------+
| Tony Kidson     |`morgan' is an 8MB  486/33 Cat-| Voice +44 81 466 5127    | 
| Morgan Towers,  |Warmer with a 670 MB Hard Disk.| E-Mail                   |      
| Morgan Road,    |It  resides at Morgan Towers in| tony at morgan.demon.co.uk  |
| Bromley,        |Beautiful  Down Town  Bromley. | tny at cix.compulink.co.uk  |
| England BR1 3QE |            -=<*>=-            | 100024.301 at compuserve.com|
+=================+===============================+==========================+
