1993-01-16 - Re: more on security/obscurity/reality (fwd)

Header Data

From: tony@morgan.demon.co.uk (Tony Kidson)
To: cypherpunks@toad.com
Message Hash: 5b070791ddce55b1078cc4b2686e242160ac81bf636b14ced389c966bae36ca7
Message ID: <1414@morgan.demon.co.uk>
Reply To: N/A
UTC Datetime: 1993-01-16 03:27:50 UTC
Raw Date: Fri, 15 Jan 93 19:27:50 PST

Raw message

From: tony@morgan.demon.co.uk (Tony Kidson)
Date: Fri, 15 Jan 93 19:27:50 PST
To: cypherpunks@toad.com
Subject: Re: more on security/obscurity/reality (fwd)
Message-ID: <1414@morgan.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


In message <9218@eternity.demon.co.uk> you write:
> Forwarded message follows:
>
> > From cypherpunks-request%toad.com@relay2.uu.net Fri Jan 15 12:52:47 1993
>
> One thing I've really noticed over the 5 or 6 years I've been on the net
> is the real hatred people have for what is coined "security by obscurity."
> I think it is because of the terrible way people have gotten burned by
> relying on concealed methods only, or secret algorithms as ciphers to
> protect their material. The method is discovered one way or another, and
> everything caves in on itself! Quite understandable.
>
> Yet I cringe at the way people have just turned their backs on the whole
> meta-philosophy of "coversion." If, for instance, you are to do battle with
> an unbearable, overwhelming power, such as the Government, then what is the
> only real way to "win?" Besides convincing them not to do battle with you?
>
> It is by staying concealed, secret, untargetable. If they don't know to fight
> you, or, if they do know, but cannot find you, then you stay all right.
> Once it gets to a face-to-face confrontation, however, you lose, and you
> lose immediately, there is nothing you can bring to bear, since it is now
> just a force equation, and they have over 10,000 times the force you do.
> Or more...
>
> This is one of the applications of the secret side of life. Modern crypto-
> graphy has advanced, I think, by declaring all coversion as eventually
> discoverable, and only seeking algorithms that will suffice even if the
> enemy knows your methods. I agree with this. I guess I part company, however,
> when people totally throw out being secretive as a partial or adjunctive
> solution to something that is intrinsically secret to begin with. The addition
> of concealment, disinformation, invisibility, etc. can be a tremendous
> advantage when combined with strong methods (good ciphers that don't rely
> on coversion). It is a multilayered approach that first tries to not become
> a target, and, if it is a target, is still hard to crack.
>
> When us little people try to maintain privacy against a Govt. that is REALLY
> PISSED OFF BY EVEN THE IDEA WE WANT TO STRONGLY PROTECT OURSELVES, a multi-
> layered, contingency-based approach is required. The most important part of
> it is not a strong cipher, but, not to become a detectable or locatable
> target. i.e. coversion and secrecy.

While what you say is certainly true, it won't survive any kind 
of detailed attack. I'm all for the sentiment, but while there 
are so many mundane things going on round about, the best way to 
remain undetected is to remain undecipherable and to make sure 
that there is enough traffic about of the same sort. Press for 
encipherment of e-mail, that way, if everybody is doing it, who's 
to know what the underworld is doing? This is especially useful 
if you are not actually interested in violent revolution. You can 
then convince the powers that be that you are not worth 
monitoring.

regards

Tony
------------------+-------------------------------+--------------------------+
| Tony Kidson     |`morgan' is an 8MB  486/33 Cat-| Voice +44 81 466 5127    | 
| Morgan Towers,  |Warmer with a 670 MB Hard Disk.| E-Mail                   |      
| Morgan Road,    |It  resides at Morgan Towers in| tony@morgan.demon.co.uk  |
| Bromley,        |Beautiful  Down Town  Bromley. | tny@cix.compulink.co.uk  |
| England BR1 3QE |            -=<*>=-            | 100024.301@compuserve.com|
+=================+===============================+==========================+




