1993-01-25 - security by obfuscation

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 6ca4005239bbb52204c8d75352ed726b01aac57ef3a009c442c1be81bcb7b33f
Message ID: <9301252318.AA12294@soda.berkeley.edu>
Reply To: <9301252034.AA21595@netcom2.netcom.com>
UTC Datetime: 1993-01-25 23:20:38 UTC
Raw Date: Mon, 25 Jan 93 15:20:38 PST

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Mon, 25 Jan 93 15:20:38 PST
To: cypherpunks@toad.com
Subject: security by obfuscation
In-Reply-To: <9301252034.AA21595@netcom2.netcom.com>
Message-ID: <9301252318.AA12294@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain

Matthew Rapaport writes:

>[...] I don't understand the lure
>of all these schemes for hiding mail paths, etc. 

The disambiguating question is "What is the capability of your
opponent?"  Some opponents have only access to their own machine as
users, and some have access as root.  Others have access to all
traffic on the local network and can thus see all mail entering and
leaving a system.  Others, we might assume, have access to all traffic
on any non-local network.

The rule is the following.  If it's cheap enough to defend against
even the strongest opponent, deploy it.  Cryptography, with its
presumably exponential difference between the costs of defense
(encryption) and offense (cryptanalysis), allows for economical
solutions against even the largest of opponents.

Cryptography is a greater leveler than the Colt .45 revolver.