1994-09-19 - Re: [CyberCash Media hype]

Header Data

From: “Ian Farquhar” <ianf@wiley.sydney.sgi.com>
To: cypherpunks@toad.com
Message Hash: fcf861281c90d10c7cf0a9d41ae09d37df3f5384117f81d4a90f748124c31a0c
Message ID: <9409191413.ZM8723@wiley.sydney.sgi.com>
Reply To: <aa9e73b800021003070a@[130.214.233.15]>
UTC Datetime: 1994-09-19 04:17:23 UTC
Raw Date: Sun, 18 Sep 94 21:17:23 PDT

Raw message

From: "Ian Farquhar" <ianf@wiley.sydney.sgi.com>
Date: Sun, 18 Sep 94 21:17:23 PDT
To: cypherpunks@toad.com
Subject: Re: [CyberCash Media hype]
In-Reply-To: <aa9e73b800021003070a@[130.214.233.15]>
Message-ID: <9409191413.ZM8723@wiley.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 15,  3:20pm, Jamie Lawrence wrote:
> Also, I do disagree with your statement "security through
> obscurity is no security at all."  A rather high degree of
> security can be had through obscurity, but it is often entirely
> unpredictable whether or not a particlar 'obscurity method'
> will be secure or not (any 15 year old hiding cigarettes under
> the bed can attest to that).

This is absolutely correct.  Keeping your secret key a secret _is_
security by obscurity, although in a much wider context than most people
would use the term.  In addition, it is also particularly effect if what
is being obscured is sufficiently secure already, as it just adds another
layer of protection.

For example, if I decided to superencrypt using some publicly known
and reasonably trusted ciphers (let's say DES, LOKI and IDEA), and decided
to keep the algorithms I had used and the order I had used them a secret,
I have _not_ decreased my security.  The obscurity does not deduct from
the security of these already moderately trusted ciphers, and the work
which would have to be added to figure out what I have done increases it
(although by an amount which is probably arguable).

I am sure that this is a point almost everyone here understands this
concept, but it's amazing how many times the argument "it's a secret,
therefore it's insecure" comes out.  It's only really insecure if the
thing you're keeping a secret is, and even then you have not decreased
it's effective security by obscuring it.

The TLA's understand this concept well, which is one of the reasons they
classify almost everything they do.  One non-obvious fact is that in the
environment most governments use crypto (eg. widely distributed sites with
key distribution channels which are more easily compromised than the
crypto hardware), that the design of the cipher may be easier to keep
secret than the key itself.  As such, the use of security by obscurity
in the design of the cipher itself is a lot more effective than most
people would give it credit for.

							Ian.








Thread