Standard for Stenography?
Sergey Goldgaber
sergey at delbruck.pharm.sunysb.edu
Fri Mar 4 22:22:00 PST 1994
On Fri, 4 Mar 1994, Mike McNally wrote:
> Maybe not, but if you've been paying atention you know of a great deal
> of theory that support the intractability of solving certain problems
> in realistic amounts of time. Most PK cryptosystems are based on
> relatively simple principles of mathematics. It stretches the
> imagination to think that the NSA somehow has solved the factoring
> problem; I concede it's possible, but unlikely.
Granted.
>
> > The point is, that in the real world, we'll never know if our algorithms
> > are "good enough to withstand an opponent who has full documentation of
> > your algorithms and methods lots of funds, and everything except your keys."
>
> Depends on what you mean by "know", I guess.
know = 100% objective certainty
>
> > > security-by-obscurity is a naive waste of time,
> >
> > I still don't see why.
>
> Well, you can't tell when you've been compromised,
How can you tell that you've been compromised if you stick to
non-security-by-obscurity methods?
> and you have no
> rigorous way of demonstrating the robustness of your obscurity.
That would be difficult. But, lack of objective measures does not mean
that security-through-obscurity is innefective. BTW, there may be some
statistics on the effectiveness of StO, somewhere. (Anyone out there
heard of any?)
> The real problem, however, is that you'll have a hard time convincing
> anybody else to participate.
I am not trying to convince everyone hide their data in the same place I
am hiding it. Simply consider hiding it, rather than leaving it out in
the open! That's not too crazy a proposition, is it?
> You can hide all your valuables in a really clever place and do all
> sorts of really clever secret things to protect them, and that may
> make you feel secure. However, you won't be able to convince me to
> entrust *my* valuables to you unless you explain to me the details of
> your techniques.
Take your encrypted data. Stick it in a file, using a variable offset.
That's all there is to it.
Sergey
More information about the cypherpunks-legacy
mailing list