Security through obscurity

an38793 at anon.penet.fi
Mon Oct 11 16:41:41 PDT 1993


> You are not going to be able to keep your algorithm secret, period.
> Those who are determined enough will be able to dig it out of any
> programs or chips you use to implement your algorithm.  Security through
> obscurity is stupid because no matter how smart you may think you are
> in hiding your method, there is always someone smarter who will dig it 
> out and changing technology constantly lowers the barrier of how smart 
> people need to be to dig information out of old locks using new tools.

I agree with this 100%.

The interesting fact is, a lot of commercial programs rely on security
through obscurity. Often, anyone who takes the time to disassemble
the interesting routines can crack the encryption.

Yes, it is stupid. But a lot of people and companies rely on
"security through obscurity" to protect their applications/data.

Part of this is due to export restrictions, but a large part is just
due to lack of awareness.

One of my favorite applications has embedded in its license
agreement:

"...nor shall the Licensee attempt to decrypt
any Passwords that may enable the Software's functionality..."

This is not a substitute for real security.