1993-01-15 - more on security/obscurity/reality

Header Data

From: Daniel Ray <norstar@tnl.com>
To: cypherpunks@toad.com
Message Hash: db0d7735438c49cc8470a1136934433c738f9b252a70c9046345b7f06819351b
Message ID: <9301150610.AA09544@tnl.com>
Reply To: N/A
UTC Datetime: 1993-01-15 11:36:26 UTC
Raw Date: Fri, 15 Jan 93 03:36:26 PST

Raw message

From: Daniel Ray <norstar@tnl.com>
Date: Fri, 15 Jan 93 03:36:26 PST
To: cypherpunks@toad.com
Subject: more on security/obscurity/reality
Message-ID: <9301150610.AA09544@tnl.com>
MIME-Version: 1.0
Content-Type: text/plain


Thinking about everything some more, I have a few more things to say
regarding my previous message stating the need for 20-50 new networked
and "randomized" anon remailer sites, and the need to keep secret things
secret.

One thing I've really noticed over the 5 or 6 years I've been on the net
is the real hatred people have for what is coined "security by obscurity."
I think it is because of the terrible way people have gotten burned by
relying on conceiled methods only, or secret algorithms as ciphers to
protect their material. The method is discovered one way or another, and
everything caves in on itself! Quite understandable.

Yet I cringe at the way people have just turned their backs on the whole
meta-philosophy of "coversion." If, for instance, you are to do battle with
an unbearable, overwhelming power, such as the Government, then what is the
only real way to "win?" Besides convincing them not to do battle with you?

It is by staying conceiled, secret, untargetable. If they don't know to fight
you, or, if they do know, but cannot find you, then you stay all right.
Once it gets to a face-to-face confrontation, however, you lose, and you
lose immediately, there is nothing you can bring to bear, since it is now
just a force equation, and they have over 10,000 times the force you do.
Or more...

This is one of the applications of the secret side of life. Modern crypto-
graphy has advanced, I think, by declaring all coversion as eventually
discoverable, and only seeking algorithms that will suffice even if the
enemy knows your methods. I agree with this. I guess I part company, however,
when people totally throw out being secretive as a partial or adjunctive
solution to something that is intrinsicly secret to begin with. The addition
of conceilment, disinformation, invisibility, etc. can be a tremendous
advantage when combined with strong methods (good ciphers that don't rely
on coversion). It is a multilayered approach that first tries to not become
a target, and, if it is a target is still hard to crack.

When us little people try to maintain privacy against a Govt. that is REALLY
PISSED OFF BY EVEN THE IDEA WE WANT TO STRONGLY PROTECT OURSELVES, a multi-
layered, contingency-based approach is required. The most important part of
it is not a strong cipher, but, not to become a detectable or locatable
target. i.e. coversion and secrecy.

People, in response to the PAX snafu, have advocated some kind of protest
and demonstration as a solution. Sure, these can be tried. But no Govt. in
its right mind will let this powerful privacy go on. It just cancels them
out, and they will not have it. It'll get worse as time goes on. It applies
equally to "free" and non-democratic Governments. To the world community
itself. They will not have it. And we will not have them. So there you are.

What to do? Create a fluid, "night"-based, invisible and unfixable multi-
system of coversion and strong ciphers. So, if they get a part, the rest
goes on as before. All parts of it well thought out. Everything subject
to evolution, but, a base assumption that things are already quite bad.
They are.

I wish more of you actually lived an illegal life...you would know what I
am saying without the need to say it. You need to have really faced a real
risk against authority, with YOUR life on the line. And no amount of talk
substitutes for experience here. Oh well.

norstar
The Northern Lights, Troy NY                                 |     
tnl dialins: +1 518 237-2163 @ 1200-2400 bps 8N1 $free     ` | /   
-------------------------------------------------------  --- * --- 
Internet: norstar@tnl.com                                  / | .   
Sysop of TNL Public Access UNIX                              |     






Thread